Mozilla サポートの検索

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

詳しく学ぶ

このスレッドはアーカイブに保管されました。 必要であれば新たに質問してください。

An https site I have been using for years suddenly is no longer accessible "because the authenticity of the received data could no longer be verified."

  • 17 件の返信
  • 49 人がこの問題に困っています
  • 2 回表示
  • 最後の返信者: gmusser

more options

It works on Furefox on Windows7 Pro and on Internet Explorer but not on Windows 7 Home Edition, and not on my Android phone. Any ideas how to work around thus?

It works on Furefox on Windows7 Pro and on Internet Explorer but not on Windows 7 Home Edition, and not on my Android phone. Any ideas how to work around thus?

選ばれた解決策

In another thread, you indicated that the site is https://teradatanet.teradata.com/

That site uses TLS 1.0, an older version of the SSL standard that Firefox 37 no longer treats as secure. This is a change from Firefox 36.

You can make a site-specific exception for the problem server so Firefox allows TLS 1.0 -- this is for Windows, I have not tested on Android:

Here's how:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those. In this case: teradatanet.teradata.com

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

When you reload that site, Firefox 37 will now redirect to a second server (note the additional 0 in the host name):

https://teradatanet0.teradata.com/Site0083/oam/UI/Login?goto=https://teradatanet.teradata.com/c/portal/login

So repeat steps 1 and 4 with the additional host name (in step 4, add the second host name after a comma, do not delete the first one).

Now when you reload, it should work like Firefox 36. Instead of a gray padlock, you should see the gray exclamation triangle warning icon, indicating a problem with the connection. In this case, the problem is that the server uses an RC4 cipher, which Firefox 36 and higher treat as insecure/hackable.

この回答をすべて読む 👍 8

すべての返信 (17)

more options

The exact url is rather important here.

more options

選ばれた解決策

In another thread, you indicated that the site is https://teradatanet.teradata.com/

That site uses TLS 1.0, an older version of the SSL standard that Firefox 37 no longer treats as secure. This is a change from Firefox 36.

You can make a site-specific exception for the problem server so Firefox allows TLS 1.0 -- this is for Windows, I have not tested on Android:

Here's how:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those. In this case: teradatanet.teradata.com

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

When you reload that site, Firefox 37 will now redirect to a second server (note the additional 0 in the host name):

https://teradatanet0.teradata.com/Site0083/oam/UI/Login?goto=https://teradatanet.teradata.com/c/portal/login

So repeat steps 1 and 4 with the additional host name (in step 4, add the second host name after a comma, do not delete the first one).

Now when you reload, it should work like Firefox 36. Instead of a gray padlock, you should see the gray exclamation triangle warning icon, indicating a problem with the connection. In this case, the problem is that the server uses an RC4 cipher, which Firefox 36 and higher treat as insecure/hackable.

more options

Yep! That does it. Thank you very much.

more options

That fixed my Android phone too. The mystery remains: why does this URL still work with Firefox 37.0.1 on Windows 7 Pro when security.tls.insecure_fallback_hosts is still set to an empty string?

more options

GJColeman78 said

The mystery remains: why does this URL still work with Firefox 37.0.1 on Windows 7 Pro when security.tls.insecure_fallback_hosts is still set to an empty string?

Could you check on whether any of your other tls preferences have been modified on the Win7Pro system?

more options

Ah! Good question! On my Windows Pro system the Preference value "security.tls.unrestricted_rc4_fallback" is not defined, but it is set to "true" in the Windows Home installation of Firefox. So maybe it is using a default fallback list? Maybe I could also have fixed this by setting security.tls.unrestricted_rc4_fallback to false?

more options

I think security.tls.unrestricted_rc4_fallback is a preference that will be introduced in Firefox 38 (currently available as "Beta") and would have no effect in Firefox 37.

It should default to false, but I don't think this affects the TLS 1.0 issue either way. Instead, it affects the gray exclamation triangle warning icon issue. (Actually, I can't say whether it's a warning in Firefox 38 or a hard block, I haven't researched that.)

more options

Oh, okay. During this discussion, in desperation before I had any idea of a solution I had installed the Beta version (38) on Windows Home. That's why I now see security.tls.unrestricted_rc4_fallback there. But that's the only difference in tls settings I can see.

more options

Hmm, I don't know why your Windows 7 Pro Firefox 37 didn't have the same objections as your home system (and as my system).

more options

Well, if it shows up in the future I guess I know what to do. I just rebooted the 'Pro system for another reason and it still works. Thanks.

more options

I'm running FF 37.0.2 under Mac OS 10.10.3, and whenever I try to access 23andme.com, I get a "Secure Connection Failed" error. I added the domain to the security.tls.insecure_fallback_hosts string, but still get the error.

more options

Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field type/paste the URL of the website:
https://23andme.com

  • retrieve the certificate via the "Get certificate" button
  • inspect the certificate via the "View..." button
more options

Many thanks. When I try that procedure, I am told "no information available".

more options

I see this information in the certificate viewer.


You can check the connection settings.

If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.

Try to disable IPv6 (check for other possible causes as well).

more options

I'm not using a proxy. I tried disabling IPv6 and prefetching using the about:config flags, but still the problem persists. This is the only website I haven't been able to access using FF. I can access the website without trouble using Safari and Chrome.

At this point, I have to conclude that there's a bug or, equivalently, unintended feature in FF that is stopping me.

more options

Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

If that didn't help then remove or rename secmod.db (secmod.db.old) as well.

You can use this button to go to the currently used Firefox profile folder:

more options

No dice. I renamed both cert8.db and secmod.db and restarted, but still can't access 23andme.com.