I keep getting the "secure connection failed" message....
I have tried everything that is offered as a solution. Once if not twice. I did the about:config..........change the SSL2 to true a month ago but now I went to check it and it isn't even there any more. I restored FF and that was kind of a pain but I did finally get things back to where I had them. The sites I am attempting to go to work fine in Chrome or IE. Just not on FF. It only happens on some sites. The ones that are important of course. Everything worked fine until a few months ago. I hate having to switch browsers to do the few things I need to. One of the suggestions was to contact the owner of the site which I did. They talked to me like I was from Mars and had no idea what to do.
All Replies (12)
hello, first please make sure that the date & time is set correctly on your system.
if this doesn't solve the issue (or it is already set properly), could you tell us which error code is shown under technical details on the error message and when you inspect the certificate which issuer information it does contain (see screenshot)?
"This Connection is Untrusted" error message appears - What to do
Secure Connection Failed
An error occurred during a connection to xxxxxxxxx.net
Peer received a valid certificate, but access was denied. (Error code: ssl_error_access_denied_alert)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Or this one...
Secure Connection Failed
An error occurred during a connection to www.xxxxx.com. Peer attempted old style (potentially vulnerable) handshake. (Error code: ssl_error_unsafe_negotiation)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Both of these are big sites and I have visted them many times in the past.
I had checked the date previously.
Modified
i could access the site you've posted originally without an issue so i will assume that it is not a general firefox issue.
can you try to open the site in a new profile created for testing purposes?: Profile Manager - Create, remove or switch Firefox profiles
I just tried making a new profile and using it and I got the same error message. Which site did you try to go onto?
it was the utility commission one...
can you try the other troubleshooting suggestions from this thread?
I can get on the utility website also. It's when I go the the bill pay option and try to go through to make a payment that it stops at that point with the message. When I called them to ask them about it they really had no clue as to why it wouldn't work. It won't let me sign in to ebay to make purchases either, or a few others that I have to use my password for.
Believe me. I have tried everything that has been posted.
I think I'm just going to give up and drop FF and go with Chrome. Hate to because I have used FF since it first came out. I'll just have to get used to a new browser I guess.
Question is, are they using advanced protocols (TLS 1.1 or 1.2) that Firefox's doesn't use by default and disabling fallbacks -- which would be a compatibility nightmare -- or using old protocols that Firefox no longer supports -- which would seem to put them out of compliance with industry requirements (PCI).
Obviously the payment processor site isn't the xxxxx one you listed, so I can't check it myself. You can enter the host name or domain name of the site that is giving the error, you can get a list of what SSL protocols it supports by testing it on the following site (takes a minute to run and the page refreshes during the progress, so easiest to let it spin rather than trying to scroll down to view the partial results):
https://www.ssllabs.com/ssltest/index.html
What protocol(s) are they using?
If the sites check out, it's possible that Firefox is connecting through a proxy that is intercepting, decrypting, and re-encrypting your secure traffic. Some security software may do this, as well as some legitimate services. An attacker, rogue extension, external malware, and hacked router are other possibilities.
Configuration Protocols TLS 1.2 No TLS 1.1 No TLS 1.0 Yes SSL 3 Yes SSL 2 INSECURE Yes Cipher Suites (SSL 3+ suites in server-preferred order, then SSL 2 suites where used) TLS_RSA_WITH_RC4_128_MD5 (0x4) 128 TLS_RSA_WITH_RC4_128_SHA (0x5) 128 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168 TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x64) WEAK 56 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62) WEAK 56 TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3) WEAK 40 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6) WEAK 40 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 (0x40080) INSECURE 40 SSL_CK_RC4_128_EXPORT40_WITH_MD5 (0x20080) INSECURE 40 SSL_CK_DES_64_CBC_WITH_MD5 (0x60040) INSECURE 56 SSL_CK_RC2_128_CBC_WITH_MD5 (0x30080) INSECURE 128 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0) INSECURE 168 SSL_CK_RC4_128_WITH_MD5 (0x10080) INSECURE 128 Handshake Simulation Bing Oct 2013 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 Chrome 31 / Win 7 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 Firefox 17.0.7 ESR / Win 7 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 Firefox 24 / Win 7 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 Googlebot Oct 2013 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 IE 6 / XP No FS 1 No SNI 2 SSL 3 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 IE 7 / Vista TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 IE 8 / XP No FS 1 No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 IE 8-10 / Win 7 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 IE 11 / Win 7 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 IE 11 / Win 8.1 TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) No FS 168 Java 6u45 No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 Java 7u25 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 OpenSSL 0.9.8y TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 OpenSSL 1.0.1e TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) No FS 168 Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 Safari 6 / iOS 6.0.1 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 Safari 6.0.4 / OS X 10.8.4 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 Safari 7 / OS X 10.9 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 Tor 17.0.9 / Win 7 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 Yahoo Slurp Oct 2013 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS 128 (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. (2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. Protocol Details Secure Renegotiation Supported Secure Client-Initiated Renegotiation No Insecure Client-Initated Renegotiation No BEAST attack Not mitigated server-side (more info) SSL 3: 0x4, TLS 1.0: 0x4 TLS compression No RC4 Yes NOT DESIRABLE (more info) Forward Secrecy No NOT DESIRABLE (more info) Next Protocol Negotiation No
This is getting a little over my head!!! I really do appreciate your help. I don't understand I guess if they are using a old protocol (?) how that is. They are the local ISP for this town shouldn't they know better? And as far as the other one goes one of them is icloud and how or why would they use something old? I'm confused I guess!
Modified
That looks like data from a server with old security software.
SSL2 hasn't been supported by Firefox for quite a few versions (older than Firefox 8).
Does it help to set these two prefs to 0 (zero) on the about:config page to disable TLS?
- security.tls.version.min = 0
- security.tls.version.max = 0
You can open the about:config page via the location bar like you open a web page.
Reset the prefs via the right-click context menu if this hasn't helped.
Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) as a test to see if that helps.
This worked sort of. I can now access one of the sites I was trying but still unable to log into eBay or icloud. Thank you for your help everyone!
The "handshake" test performed by the SSLLabs site shows that their Firefox simulation connected with TLS 1.0. That would correspond with setting the two Firefox preferences to 1 instead of 0. Do you want to try that and see whether it works? This could prevent Firefox from connecting with some older sites, however.