Support Forum

Would like to get to this web site https://www.vermontfederal.org/home/home always did, not now, message SSL_ERROR_NO_CYPHER_OVERLAP

I can't get to my bank's website, where I used to go for many years. The site is:

https://www.vermontfederal.org/home/home   

I get message of Error: SSL_ERROR_NO_CYPHER_OVERLAP

It just happened out of nowhere. Thank you for help. I can't change to a newer browser, because I would have to change to newer system software on my Mac and would lose lots of software installed years ago which I like. The system on my Mac is OS 10.8.5.

Evzen Holas


Additional System Details

Installed Plug-ins

  • Displays Java applet content, or a placeholder if Java is not installed.
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.
  • Shockwave Flash 22.0 r0
  • iPhoto6

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:48.0) Gecko/20100101 Firefox/48.0

jscher2000
  • Top 10 Contributor
8569 solutions 70085 answers

Hi Evzen, many banks are tightening up their connection requirements, and you are running a very old version of Firefox that doesn't have the latest ciphers built-in.

The following page shows the bank has very strict connection requirements:

  • TLS 1.2 only (not 1.0 or 1.1)
  • One of these two ciphers:
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

https://www.ssllabs.com/ssltest/analyze.html?d=www.vermontfederal.org

Apparently Firefox 48 can't do that. Have you tried Safari?
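The overlap check described in the answer above, as an added example that is not part of the original thread: it parses the cipher suite list out of a ClientHello record and applies the server policy reported above (TLS 1.2 only, two suites). The ClientHello bytes and both client offers are constructed for the demo and are not Firefox's real lists; the function names are hypothetical.

```python
import struct

SUITES = {  # IANA code points for the suites named in this thread, plus one older suite
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
}
SERVER_SUITES = [0xC030, 0xC028]  # server policy as reported in the answer above
TLS12 = (3, 3)                    # TLS 1.2 on the wire; the server accepts nothing lower

def build_client_hello(version, suites):
    """Constructed minimal ClientHello record (no extensions), for the demo only."""
    body = bytes(version) + bytes(32) + b"\x00"         # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                 # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Return (client_version, [cipher suite ids]) from a raw TLS record."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    try:
        version = (hs[4], hs[5])
        pos = 4 + 2 + 32                   # handshake header, version, random
        pos += 1 + hs[pos]                 # session id length byte + session id
        (n,) = struct.unpack("!H", hs[pos:pos + 2])
        pos += 2
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if n % 2 or pos + n > len(hs):
        raise ValueError("bad cipher_suites length")
    return version, [int.from_bytes(hs[i:i + 2], "big") for i in range(pos, pos + n, 2)]

def negotiate(record):
    """Server-side decision: a suite name, or the reason the handshake is refused."""
    version, offered = parse_client_hello(record)
    if version < TLS12:
        return "refused: client does not offer TLS 1.2"
    for suite in SERVER_SUITES:            # server preference order
        if suite in offered:
            return SUITES[suite]
    return "refused: no cipher overlap"

# Constructed offers (not Firefox's real lists): without and with the 256-bit GCM suite.
OLD_CLIENT = build_client_hello(TLS12, [0xC02F, 0xC014])
NEW_CLIENT = build_client_hello(TLS12, [0xC02F, 0xC030])
```

`negotiate(OLD_CLIENT)` is refused even though the client speaks TLS 1.2, which is the case in this thread: the protocol version matches but neither required suite is offered.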

TyDraniu
  • Top 25 Contributor
300 solutions 1679 answers

Enter about:config in the URL bar and check values of security.tls.version.min and security.tls.version.max. Try to set security.tls.version.max = 3.

Modified by TyDraniu

jscher2000
  • Top 10 Contributor
8569 solutions 70085 answers

In current Firefox, you also would want the following enabled. I don't know whether it exists in Firefox 48:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste gcm and pause while the list is filtered

(3) If the security.ssl3.ecdhe_rsa_aes_256_gcm_sha384 preference is bolded and "modified" or "user set" to false, double-click it to restore the default value of true

If it's missing completely, well, there's yer trouble.


Question owner

To my helpers: I can't use Safari, I would have to update system software, which I do not want to do (because the newer ones suck). My security.tls.version.max is by default set to 3. And security.ssl3.ecdhe_rsa_aes_256_gcm_sha384, I do not have there; I have security.ssl3.ecdhe_rsa_aes_128_gcm_sha256.

Thank you for trying. Is there any hope? It just happened out of nowhere, I was fine with this for years and other websites, like PayPal etc., work.

jscher2000
  • Top 10 Contributor
8569 solutions 70085 answers

Since Firefox 48 cannot connect directly -- it doesn't have either of the required ciphers -- you would need to connect indirectly through a proxy. The proxy would accept your lower security connection, and would make a higher security connection with the target website.

Common proxies include security programs that intercept and filter your web connection, but I don't know if they will work in this situation. You could test one out, just be aware that you may need to restart your system or use an option in the software to set up Firefox to trust it (proxies generate fake website certificates). This help article lists some of the common ones: How to troubleshoot security error codes on secure websites.
