
This thread has been archived. Please ask a new question if necessary.

An https site I have been using for years suddenly is no longer accessible "because the authenticity of the received data could no longer be verified."


It works on Firefox on Windows 7 Pro and on Internet Explorer but not on Windows 7 Home Edition, and not on my Android phone. Any ideas how to work around this?


Additional system details

Application

  • User Agent: Mozilla/5.0 (Android; Mobile; rv:37.0) Gecko/37.0 Firefox/37.0

kbrosnan
  • Moderator
584 solutions, 3850 answers

Helpful reply

The exact url is rather important here.

jscher2000
  • Top 10 Contributor
8757 solutions, 71649 answers

Chosen solution

In another thread, you indicated that the site is https://teradatanet.teradata.com/

That site uses TLS 1.0, an older version of the SSL standard that Firefox 37 no longer treats as secure. This is a change from Firefox 36.

You can make a site-specific exception for the problem server so Firefox allows TLS 1.0 -- this is for Windows, I have not tested on Android:

Here's how:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those. In this case: teradatanet.teradata.com

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

When you reload that site, Firefox 37 will now redirect to a second server (note the additional 0 in the host name):

https://teradatanet0.teradata.com/Site0083/oam/UI/Login?goto=https://teradatanet.teradata.com/c/portal/login

So repeat steps 1 and 4 with the additional host name (in step 4, add the second host name after a comma, do not delete the first one).

Now when you reload, it should work like Firefox 36. Instead of a gray padlock, you should see the gray exclamation triangle warning icon, indicating a problem with the connection. In this case, the problem is that the server uses an RC4 cipher, which Firefox 36 and higher treat as insecure/hackable.


Question owner

Yep! That does it. Thank you very much.


Question owner

That fixed my Android phone too. The mystery remains: why does this URL still work with Firefox 37.0.1 on Windows 7 Pro when security.tls.insecure_fallback_hosts is still set to an empty string?

jscher2000
  • Top 10 Contributor
8757 solutions, 71649 answers

GJColeman78 said

The mystery remains: why does this URL still work with Firefox 37.0.1 on Windows 7 Pro when security.tls.insecure_fallback_hosts is still set to an empty string?

Could you check on whether any of your other tls preferences have been modified on the Win7Pro system?

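The two manual checks discussed above (adding hosts to security.tls.insecure_fallback_hosts, and comparing which security.tls.* preferences are set on two installations) can be scripted against each profile's prefs.js. This is an added example, not part of any post in this thread and not Mozilla code; it assumes the `user_pref("name", value);` line format of prefs.js, and the function names and sample profile contents are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# user_pref("name", value); lines as written in a Firefox profile's prefs.js
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')
FALLBACK = "security.tls.insecure_fallback_hosts"

def tls_prefs(prefs_js):
    """Return the security.tls.* preferences set in a prefs.js text."""
    found = {}
    for line in prefs_js.splitlines():
        m = PREF_RE.match(line.strip())
        if m and m.group(1).startswith("security.tls."):
            found[m.group(1)] = m.group(2).strip().strip('"')
    return found

def fallback_hosts(prefs):
    """Split the comma-separated exception list into host names."""
    return [h.strip() for h in prefs.get(FALLBACK, "").split(",") if h.strip()]

def add_hosts(current, urls):
    """Steps 1 and 4: take the host from each URL, append, keep old entries."""
    hosts = [h.strip() for h in current.split(",") if h.strip()]
    for url in urls:
        host = urlsplit(url).hostname  # part between https:// and the next /
        if host and host not in hosts:
            hosts.append(host)
    return ",".join(hosts)

def diff_tls_prefs(a, b):
    """Preferences whose value differs between two profiles (None = not set)."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b))
            if a.get(k) != b.get(k)}

# Constructed sample profiles, not taken from the thread participants.
HOME = '''user_pref("browser.startup.page", 3);
user_pref("security.tls.insecure_fallback_hosts", "teradatanet.teradata.com");
user_pref("security.tls.unrestricted_rc4_fallback", true);
'''
PRO = 'user_pref("browser.startup.page", 3);\n'
REDIRECT = ("https://teradatanet0.teradata.com/Site0083/oam/UI/Login"
            "?goto=https://teradatanet.teradata.com/c/portal/login")

if __name__ == "__main__":
    home, pro = tls_prefs(HOME), tls_prefs(PRO)
    print("hosts with a TLS fallback exception:", fallback_hosts(home))
    print("value after adding the redirect host:", add_hosts(home[FALLBACK], [REDIRECT]))
    print("differences between profiles:", diff_tls_prefs(home, pro))
```

Listing the hosts this way also shows which exceptions can be removed again once the server supports a newer TLS version.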

Question owner

Ah! Good question! On my Windows Pro system the Preference value "security.tls.unrestricted_rc4_fallback" is not defined, but it is set to "true" in the Windows Home installation of Firefox. So maybe it is using a default fallback list? Maybe I could also have fixed this by setting security.tls.unrestricted_rc4_fallback to false?

jscher2000
  • Top 10 Contributor
8757 solutions, 71649 answers

I think security.tls.unrestricted_rc4_fallback is a preference that will be introduced in Firefox 38 (currently available as "Beta") and would have no effect in Firefox 37.

It should default to false, but I don't think this affects the TLS 1.0 issue either way. Instead, it affects the gray exclamation triangle warning icon issue. (Actually, I can't say whether it's a warning in Firefox 38 or a hard block, I haven't researched that.)


Question owner

Oh, okay. During this discussion, in desperation before I had any idea of a solution I had installed the Beta version (38) on Windows Home. That's why I now see security.tls.unrestricted_rc4_fallback there. But that's the only difference in tls settings I can see.

jscher2000
  • Top 10 Contributor
8757 solutions, 71649 answers

Hmm, I don't know why your Windows 7 Pro Firefox 37 didn't have the same objections as your home system (and as my system).


Question owner

Well, if it shows up in the future I guess I know what to do. I just rebooted the 'Pro system for another reason and it still works. Thanks.

gmusser
0 solutions, 4 answers

I'm running FF 37.0.2 under Mac OS 10.10.3, and whenever I try to access 23andme.com, I get a "Secure Connection Failed" error. I added the domain to the security.tls.insecure_fallback_hosts string, but still get the error.

cor-el
  • Top 10 Contributor
  • Moderator
17516 solutions, 158398 answers

Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field type/paste the URL of the website:
https://23andme.com

  • retrieve the certificate via the "Get certificate" button
  • inspect the certificate via the "View..." button
gmusser
0 solutions, 4 answers

Many thanks. When I try that procedure, I am told "no information available".

cor-el
  • Top 10 Contributor
  • Moderator
17516 solutions, 158398 answers

I see this information in the certificate viewer.

You can check the connection settings.

  • Firefox > Preferences > Advanced > Network : Connection > Settings
  • https://support.mozilla.org/kb/Options+window+-+Advanced+panel

If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.

Try to disable IPv6 (check for other possible causes as well).

  • http://kb.mozillazine.org/Error_loading_websites
gmusser
0 solutions, 4 answers

I'm not using a proxy. I tried disabling IPv6 and prefetching using the about:config flags, but still the problem persists. This is the only website I haven't been able to access using FF. I can access the website without trouble using Safari and Chrome.

At this point, I have to conclude that there's a bug or, equivalently, unintended feature in FF that is stopping me.

cor-el
  • Top 10 Contributor
  • Moderator
17516 solutions, 158398 answers

Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

If that didn't help then remove or rename secmod.db (secmod.db.old) as well.

You can use this button to go to the currently used Firefox profile folder:

  • Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
  • http://kb.mozillazine.org/Profile_folder_-_Firefox
gmusser
0 solutions, 4 answers

No dice. I renamed both cert8.db and secmod.db and restarted, but still can't access 23andme.com.
