Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Problem with 'require safe negotiation'

  • 3 replies
  • 1 has this problem
  • 184 views
  • Last reply by pysar

pysar
pysar
more options

I tried to make a purchase and during one of the redirects Firefox reported that it was unable to establish safe negotiation (error code: SSL_ERROR_UNSAFE_NEGOTIATION). The site that had the problem is https://secure5.arcot.com/ . I have security.ssl.require_safe_negotiation set to true. However, if I set it to false and go to that site, Firefox reports that it uses "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2". I am not an expert in ciphers/TLS but the version seems sufficiently new.

I would like to report the problem but I need to know whom to report it. So far, it seems like a Firefox bug. However, I am not a security expect and, perhaps, the site is using a different obsolete SSL version to negotiate. How can I determine what exactly caused the failure?

I tried to make a purchase and during one of the redirects Firefox reported that it was unable to establish safe negotiation (error code: SSL_ERROR_UNSAFE_NEGOTIATION). The site that had the problem is https://secure5.arcot.com/ . I have security.ssl.require_safe_negotiation set to true. However, if I set it to false and go to that site, Firefox reports that it uses "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2". I am not an expert in ciphers/TLS but the version seems sufficiently new. I would like to report the problem but I need to know whom to report it. So far, it seems like a Firefox bug. However, I am not a security expect and, perhaps, the site is using a different obsolete SSL version to negotiate. How can I determine what exactly caused the failure?

Modified by pysar

Chosen solution

Hi, sorry to take so long to get back to you. It is not your or Firefox's problem.

If you go to https://secure5.arcot.com/ and then click the Show Site Information which is the i in a circle in the Address Bar then the Right Arrow Point > , Then More Information then the Show Certificate Button it will tell you that they are using a Symantec Certificate. They have all been revoked and are no longer acceptable to any browser do to their issue of loosing and suspect sites having them. Digicert as per this url :

You may want to inform the site if you can.

Please let us know if this solved your issue or if need further assistance.

Read this answer in context 👍 0

All Replies (3)

Shadow110
Shadow110
more options

Chosen Solution

Hi, sorry to take so long to get back to you. It is not your or Firefox's problem.

If you go to https://secure5.arcot.com/ and then click the Show Site Information which is the i in a circle in the Address Bar then the Right Arrow Point > , Then More Information then the Show Certificate Button it will tell you that they are using a Symantec Certificate. They have all been revoked and are no longer acceptable to any browser do to their issue of loosing and suspect sites having them. Digicert as per this url :

You may want to inform the site if you can.

Please let us know if this solved your issue or if need further assistance.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

See:

pysar
pysar Question owner
more options

Thanks! I mistakenly thought that the error code was related only to the incorrect protocol version. I will send an email to the seller company.