X
Tap here to go to the mobile version of the site.

Support Forum

Secure connection failed in version 37.0.1 but works in all other browsers and firefox 36

Posted

Very similar issue to this, https://support.mozilla.org/en-US/questions/1056423. Am able to get to http://www.independentagent.com and then when the 'sign in' link is clicked (which redirects to https://sso.iiaba.net/login.aspx?sid=xxx) this error shows:

Secure Connection Failed

The connection to the server was reset while the page was loading.

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

I ran the sso.iiaba.net domain through https://www.ssllabs.com/ssltest/analyze.html?d=sso.iiaba.net and it reports a few warnings but gives the site an overall rating of B.

      • Fixed. As noted we were supporting old ciphers. We trimmed and resorted the cipher list and now we get an A on the ssllabs.com scan. Firefox works now, no problems. I wish the original error message was more descriptive.
Very similar issue to this, https://support.mozilla.org/en-US/questions/1056423. Am able to get to http://www.independentagent.com and then when the 'sign in' link is clicked (which redirects to https://sso.iiaba.net/login.aspx?sid=xxx) this error shows: Secure Connection Failed The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. I ran the sso.iiaba.net domain through https://www.ssllabs.com/ssltest/analyze.html?d=sso.iiaba.net and it reports a few warnings but gives the site an overall rating of B. *** Fixed. As noted we were supporting old ciphers. We trimmed and resorted the cipher list and now we get an A on the ssllabs.com scan. Firefox works now, no problems. I wish the original error message was more descriptive.
Attached screenshots

Modified by cal1p3r

Chosen solution

The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using a deprecated cipher suite.

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the domain (sso.iiaba.net) to this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). You should only see domains separated by a comma in the value column.



This site uses the cipher RC4 for encryption, which is deprecated and insecure. login.aspx
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]
Read this answer in context 12

Additional System Details

Installed Plug-ins

  • ActiveTouch General Plugin Container Version 105
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.10
  • Citrix Online App Detector Plugin
  • Google Update
  • Intel web components updater - Installs and updates the Intel web components
  • Intel web components for Intel® Identity Protection Technology
  • The plugin allows you to have a better experience with Microsoft Lync
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • LastPass Plugin
  • Shockwave Flash 17.0 r0
  • 5.1.30514.0
  • iTunes Detector Plug-in

Application

  • Firefox 37.0.1
  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
  • Support URL: https://support.mozilla.org/1/firefox/37.0.1/WINNT/en-US/

Extensions

  • LastPass 3.1.92 (support@lastpass.com)
  • Morning Coffee 1.38 (morningCoffee@shaneliesegang)
  • Video DownloadHelper 5.1.2 ({b9db16a4-6edc-47ec-a1f4-b86292ed211d})

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: NVIDIA GeForce GTX 770
  • adapterDescription2:
  • adapterDeviceID: 0x1184
  • adapterDeviceID2:
  • adapterDrivers: nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
  • adapterDrivers2:
  • adapterRAM: 4095
  • adapterRAM2:
  • adapterSubsysID: 360c1458
  • adapterSubsysID2:
  • adapterVendorID: 0x10de
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.3.9600.17415
  • driverDate: 3-13-2015
  • driverDate2:
  • driverVersion: 9.18.13.4788
  • driverVersion2:
  • info: {u'AzureContentBackend': u'direct2d 1.1', u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (NVIDIA GeForce GTX 770 Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Modified Preferences

Misc

  • User JS: No
  • Accessibility: No
cor-el
  • Top 10 Contributor
  • Moderator
17673 solutions 159870 answers

Chosen Solution

The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using a deprecated cipher suite.

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the domain (sso.iiaba.net) to this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). You should only see domains separated by a comma in the value column.



This site uses the cipher RC4 for encryption, which is deprecated and insecure. login.aspx
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]
The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using a deprecated cipher suite. You can open the <b>about:config</b> page via the location/address bar and use its search bar to locate this pref: *security.tls.insecure_fallback_hosts You can double-click the line to modify the pref and add the domain (sso.iiaba.net) to this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). You should only see domains separated by a comma in the value column. ---- *https://developer.mozilla.org/en-US/Firefox/Releases/36/Site_Compatibility#Security *https://developer.mozilla.org/en-US/Firefox/Releases/37/Site_Compatibility#Security ---- <blockquote>This site uses the cipher RC4 for encryption, which is deprecated and insecure. login.aspx<br /> This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]</blockquote>

Modified by cor-el