X
Tap here to go to the mobile version of the site.

Support Forum

SSL_ERROR_NO_CYPHER_OVERLAP when going to amtrak.com

Posted

On multiple versions of Firefox ESR, I cannot successfully load amtrak.com. I do have a proxy inline, but all other browsers work just fine. I get the SSL_ERROR_NO_CYPHER_OVERLAP only when using Firefox. I did some searches online and found other people also had this error when trying to reach amtrak.com but didn't see any fixes. Anyone have any solutions?

On multiple versions of Firefox ESR, I cannot successfully load amtrak.com. I do have a proxy inline, but all other browsers work just fine. I get the SSL_ERROR_NO_CYPHER_OVERLAP only when using Firefox. I did some searches online and found other people also had this error when trying to reach amtrak.com but didn't see any fixes. Anyone have any solutions?
Quote

Additional System Details

Installed Plug-ins

Cisco Webex Extension LastPass

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36

More Information

FredMcD
  • Top 10 Contributor
4254 solutions 59584 answers

Helpful Reply

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.

https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites

https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

Websites don't load - troubleshoot and fix error messages

http://kb.mozillazine.org/Error_loading_websites

What do the security warning codes mean


SSL_ERROR_NO_CYPHER_OVERLAP Your server apparently doesn't offer any cipher suites necessary to establish a secure https connection that are supported in Firefox. You can check what kind of cipher suites Firefox can make use of by visiting; https://www.ssllabs.com/ssltest/viewMyClient.html

Firefox will just show the SSL_ERROR_NO_CYPHER_OVERLAP error when encountered any site using the RC4 cipher.

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own. https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message https://support.mozilla.org/en-US/kb/connection-untrusted-error-message [https://support.mozilla.org/en-US/kb/websites-dont-load-troubleshoot-and-fix-errors?redirectlocale=en-US&redirectslug=Error+loading+web+sites Websites don't load - troubleshoot and fix error messages] http://kb.mozillazine.org/Error_loading_websites [https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean What do the security warning codes mean] '''SSL_ERROR_NO_CYPHER_OVERLAP''' Your server apparently doesn't offer any cipher suites necessary to establish a secure https connection that are supported in Firefox. You can check what kind of cipher suites Firefox can make use of by visiting; https://www.ssllabs.com/ssltest/viewMyClient.html Firefox will just show the SSL_ERROR_NO_CYPHER_OVERLAP error when encountered any site using the RC4 cipher.
Was this helpful to you? 1
Quote
cor-el
  • Top 10 Contributor
  • Moderator
17525 solutions 158458 answers

Helpful Reply

You can check the server.

You can check your browser to see if there is a cipher suites available in Firefox that is supported by the server.

You can check the server. *https://www.ssllabs.com/ssltest/ You can check your browser to see if there is a cipher suites available in Firefox that is supported by the server. *https://www.ssllabs.com/ssltest/viewMyClient.html
Was this helpful to you? 1
Quote

Question owner

Does anyone else experience this problem with amtrak.com? I reported it to them, but haven't heard back.

Does anyone else experience this problem with amtrak.com? I reported it to them, but haven't heard back.
Was this helpful to you?
Quote
cor-el
  • Top 10 Contributor
  • Moderator
17525 solutions 158458 answers

On the test page you can see that this server only supports one acceptable cipher suite.

Firefox uses for me this preferred cipher suite as listed in "Tools -> Page Info -> Security":

  • Connection Encrypted (TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 256 bit keys, TLS 1.2)

If you have security software or other software/connection that acts as a man-in-the-middle but doesn't support this cipher suite then you have a problem.

On the test page you can see that this server only supports one acceptable cipher suite. *TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH secp256r1 (eq. 3072 bits RSA) FS *https://www.ssllabs.com/ssltest/analyze.html?d=amtrak.com&s=23.73.138.76&latest Firefox uses for me this preferred cipher suite as listed in "Tools -> Page Info -> Security": * Connection Encrypted (TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 256 bit keys, TLS 1.2) If you have security software or other software/connection that acts as a man-in-the-middle but doesn't support this cipher suite then you have a problem.
Was this helpful to you? 1
Quote
farhadyousefi2422 0 solutions 1 answers

xstuartbarrettx said

On multiple versions of Firefox ESR, I cannot successfully load amtrak.com. I do have a proxy inline, but all other browsers work just fine. I get the SSL_ERROR_NO_CYPHER_OVERLAP only when using Firefox. I did some searches online and found other people also had this error when trying to reach amtrak.com but didn't see any fixes. Anyone have any solutions?
''xstuartbarrettx [[#question-1268972|said]]'' <blockquote> On multiple versions of Firefox ESR, I cannot successfully load amtrak.com. I do have a proxy inline, but all other browsers work just fine. I get the SSL_ERROR_NO_CYPHER_OVERLAP only when using Firefox. I did some searches online and found other people also had this error when trying to reach amtrak.com but didn't see any fixes. Anyone have any solutions? </blockquote>
Was this helpful to you?
Quote
cor-el
  • Top 10 Contributor
  • Moderator
17525 solutions 158458 answers

You can check your browser to see what cipher suites are supported and compare that with what the server supports.

If you use a proxy that possibly builds its own certificate chain then things might be different and the possibility of a cipher overlap error might be bigger especially in cases like this with a server that supports a limited set of cipher suites.

You can check your browser to see what cipher suites are supported and compare that with what the server supports. *https://www.ssllabs.com/ssltest/viewMyClient.html *https://www.ssllabs.com/ssltest/ If you use a proxy that possibly builds its own certificate chain then things might be different and the possibility of a cipher overlap error might be bigger especially in cases like this with a server that supports a limited set of cipher suites.
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.