Various Websites give SSL_ERROR_NO_CYPHER_OVERLAP
In the last few days, I have noticed that a number of websites are throwing me SSL_ERROR_NO_CYPHER_OVERLAP errors. Most websites, particularly more modern websites, seem to not have this issue. As some more professional examples, www.twitch.tv and www.dndbeyond.com throw this error. I have tried temporarily setting the TLS version fallback limit and min to 0, with no change. I'm not really sure how to go about debugging what cyphers these websites do support and why they are throwing these errors. Any help on where to start would be greatly appreciated.
All Replies (6)
Are you using a proxy or VPN?
You can check the connection settings.
- Settings -> General -> Network: Connection -> Settings
If you do not need to use a proxy to connect to internet, select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.
See "Firefox connection settings":
Boot the computer in Windows Safe mode with network support to see if that has an effect, in case security software is causing problems.
Thank you for the response,
I do not have my bitlocker key to hand, so I will have to wait till Monday to try safe mode.
I have a VPN installed, but am not using it presently, and when enabled get the same results. I will try uninstalling it and seeing if there is any change.
Firefox was not set up to use a proxy.
Also, to be sure, make sure your Windows system date and time are correct, as sometimes this can be a culprit with these kinds of errors.
Could you compare your Firefox parameters on https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html?
Sorry this is hard to read, but do you have a lot fewer cipher suites in your list:
Cipher Suites (in order of preference)
TLS_AES_128_GCM_SHA256 (0x1301) Forward Secrecy 128
TLS_CHACHA20_POLY1305_SHA256 (0x1303) Forward Secrecy 256
TLS_AES_256_GCM_SHA384 (0x1302) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
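One way to do the comparison asked for in the reply above, as an added example that is not part of the original thread: it parses pasted client-test text into cipher suites and reports which are missing, extra or reordered relative to the list posted in that reply. The function names and the OBSERVED sample are constructed for illustration.

```python
import re

# One entry of the pasted SSL Labs client-test text, e.g.
# "TLS_AES_128_GCM_SHA256 (0x1301) Forward Secrecy 128"
ENTRY = re.compile(
    r"(TLS_[A-Z0-9_]+)\s+\((0x[0-9a-fA-F]+)\)\s+(Forward Secrecy|WEAK)?\s*(\d+)")

# Reference: the 17 suites posted in the reply above (two per line here).
REFERENCE = """
TLS_AES_128_GCM_SHA256 (0x1301) Forward Secrecy 128 TLS_CHACHA20_POLY1305_SHA256 (0x1303) Forward Secrecy 256
TLS_AES_256_GCM_SHA384 (0x1302) Forward Secrecy 256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) WEAK 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) WEAK 256 TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
"""

# Constructed sample of a client whose list was cut down and reordered.
OBSERVED = """
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112
"""

def parse_suites(text):
    """Return [(name, code, label, bits)] in the order the client offers them."""
    return [(m[1], int(m[2], 16), m[3] or "", int(m[4]))
            for m in ENTRY.finditer(text)]

def compare(reference_text, observed_text):
    """Diff two client-test lists by suite code, keeping preference order."""
    ref, obs = parse_suites(reference_text), parse_suites(observed_text)
    ref_codes = [c for _, c, _, _ in ref]
    obs_codes = [c for _, c, _, _ in obs]
    names = {c: n for n, c, _, _ in ref + obs}
    return {
        "missing": [names[c] for c in ref_codes if c not in obs_codes],
        "extra": [names[c] for c in obs_codes if c not in ref_codes],
        # Same suites in a different relative order also counts as a difference.
        "reordered": [c for c in ref_codes if c in obs_codes]
                     != [c for c in obs_codes if c in ref_codes],
        # TLS 1.3 suites use the code points 0x1301 to 0x1305.
        "tls13_offered": any(0x1301 <= c <= 0x1305 for c in obs_codes),
    }
```

A client that matches the reference exactly returns empty `missing` and `extra` lists, which points the investigation away from the browser's own cipher configuration.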
I have run the SSL client test, and got the same list of Cipher Suites in that order. I have also tried to look for commonalities between the results of failing websites, where the non-failing websites differ, but have not really got anywhere with that in my limited knowledge.
I was suspicious of system time, as I fairly recently had a CMOS battery failure, but the time and date settings all seem to be correct. Time in BIOS also displays correctly, although I don't know if it's possible that the battery failure could have affected the TPM in ways I wouldn't know how to look into.
Thank you all for the help so far