X
Tap here to go to the mobile version of the site.

ஆதரவு மன்றம்

After upgrading to 27.0.1, I can no longer access one secure site. I now get Error code: ssl_error_bad_mac_alert. This worked before the update.

  • 3 replies
  • 16 இந்த பிரச்னைகள் உள்ளது
  • Last reply by Dravic1on
பதிவிடப்பட்டது

I am trying to access the GUI administration page of my wireless controller. It is using a cert issued by the vendor that makes it, so the names do not match. I have created a permanent exception for the certificate. Whenever I try to access the site, I now get the following error every time:

Secure Connection Failed

An error occurred during a connection to 172.24.6.10:4343. SSL peer reports incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_alert)

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

This page worked fine before the most recent update.

Is there a setting or something I can change to allow this page to load?

I am trying to access the GUI administration page of my wireless controller. It is using a cert issued by the vendor that makes it, so the names do not match. I have created a permanent exception for the certificate. Whenever I try to access the site, I now get the following error every time: Secure Connection Failed An error occurred during a connection to 172.24.6.10:4343. SSL peer reports incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_alert) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. This page worked fine before the most recent update. Is there a setting or something I can change to allow this page to load?

தீர்வு தேர்ந்தெடுக்கப்பட்டது

I've also seen issues reported caused by Firefox using some specific cipher suites that aren't supported properly by the server.

A possibility to test this is to disable all SSL cipher suites on the about:config page (i.e. toggle security.ssl3.* prefs that are true to false) and enable one at the time to see if you can find the culprit and keep this suite disabled and reset the others or continue testing to see which ciphers work.
Do a hard refresh of the tab with the 172.24.6.10:4343 page via Ctrl+F5 after each change.

You can open the about:config page via the location bar.

Read this answer in context 1

Additional System Details

நிறுவப்பட்ட நிரல்கள்

  • Google Update
  • Shockwave Flash 12.0 r0
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.9
  • GEPlugin
  • 5.1.20913.0
  • iTunes Detector Plug-in
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • VMware Remote Console and Client Integration Plug-in
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers

பயன்பாடு

  • User Agent:

கூடுதல் தகவல்

jscher2000
  • Top 10 Contributor
8837 தீர்வுகள் 72222 பதில்கள்
பதிவிடப்பட்டது

I've seen suggestions along the following lines, but haven't really tried to understand this error in detail:

  • Check that computer date and time are current (but if they are wrong, you would have this problem on lots of sites)
  • Power-cycle the router (off and on)
  • Disable Firefox's use of IPv6 addressing (steps) (issue was with a website, not a local device)
  • Check for involvement by your security suite (filtering feature that can go by a variety of names).

On that last point, the more common error code when you expand the "Technical Details" of the error page is:

  • sec_error_untrusted_issuer

A common problem recently is Firefox not being set up to work with your security software. Some security suites include a filtering feature. In order to filter secure connections (HTTPS URLs), the security software presents a fake certificate to Firefox so it can intercept and stand in the middle of the secure connection. To have Firefox trust these certificates, you may need to do something such as import a root certificate, or click something in your security software's settings.

Of course, the problem also could be caused by spyware.

If you have added Exceptions, please check the "Issued by" section on one or two of the exceptions you've made to learn more about the source of this issue.

orange Firefox button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button > Servers tab

Click a certificate and use the View button. The kind of issuer you might find is:

  • Name associated with your security software, such as ESET, BitDefender, etc.
  • Sendori (indicates unwanted software from Sendori)
  • FiddlerRoot (indicates unwanted software named similarly to BrowserSafeguard, BrowserSafe, SafeGuard)
  • Something else

If you have not added Exceptions, you can click the Add Exception button in the error page, then in the dialog click View Certificate or Get Certificate to see the Issued by section. You do not need to finish adding an exception.

What do you see?

I've seen suggestions along the following lines, but haven't really tried to understand this error in detail: * Check that computer date and time are current (but if they are wrong, you would have this problem on lots of sites) * Power-cycle the router (off and on) * Disable Firefox's use of IPv6 addressing ([https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can?#w_ipv6 steps]) (issue was with a website, not a local device) * Check for involvement by your security suite (filtering feature that can go by a variety of names). ---- On that last point, the more common error code when you expand the "Technical Details" of the error page is: * sec_error_untrusted_issuer A common problem recently is Firefox not being set up to work with your security software. Some security suites include a filtering feature. In order to filter secure connections (HTTPS URLs), the security software presents a fake certificate to Firefox so it can intercept and stand in the middle of the secure connection. To have Firefox trust these certificates, you may need to do something such as import a root certificate, or click something in your security software's settings. Of course, the problem also could be caused by spyware. ''If you have added Exceptions,'' please check the "Issued by" section on one or two of the exceptions you've made to learn more about the source of this issue. orange Firefox button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button > Servers tab Click a certificate and use the View button. The kind of issuer you might find is: * Name associated with your security software, such as ESET, BitDefender, etc. * Sendori (indicates unwanted software from Sendori) * FiddlerRoot (indicates unwanted software named similarly to BrowserSafeguard, BrowserSafe, SafeGuard) * Something else ''If you have not added Exceptions,'' you can click the Add Exception button in the error page, then in the dialog click View Certificate or Get Certificate to see the Issued by section. You do not need to finish adding an exception. What do you see?
cor-el
  • Top 10 Contributor
  • Moderator
17677 தீர்வுகள் 159899 பதில்கள்
பதிவிடப்பட்டது

தீர்வு தேர்ந்தெடுக்கப்பட்டது

I've also seen issues reported caused by Firefox using some specific cipher suites that aren't supported properly by the server.

A possibility to test this is to disable all SSL cipher suites on the about:config page (i.e. toggle security.ssl3.* prefs that are true to false) and enable one at the time to see if you can find the culprit and keep this suite disabled and reset the others or continue testing to see which ciphers work.
Do a hard refresh of the tab with the 172.24.6.10:4343 page via Ctrl+F5 after each change.

You can open the about:config page via the location bar.

I've also seen issues reported caused by Firefox using some specific cipher suites that aren't supported properly by the server. A possibility to test this is to disable all SSL cipher suites on the <b>about:config</b> page (i.e. toggle security.ssl3.* prefs that are true to false) and enable one at the time to see if you can find the culprit and keep this suite disabled and reset the others or continue testing to see which ciphers work.<br /> Do a hard refresh of the tab with the 172.24.6.10:4343 page via Ctrl+F5 after each change. You can open the <b>about:config</b> page via the location bar. *http://kb.mozillazine.org/about:config
பதிவிடப்பட்டது

உதவிகரமான பதில்

Thank you both for your suggestions. I had seen the possible solutions of time and ipv6, but those did not help. I cannot recycle the wireless controller, as that would disrupt my business's network too much.

Cor-el, your answer was what worked for me. I went through each security.ssl3. setting like you suggested and found that

security.ssl3.dhe_rsa_des_ede3_sha is where the error was coming from.

With that one set to false, I was able to connect to the admin page again. When I set it back to true, the error comes back.

I also found that specifically any one of the following were needed for teh connection to work as long as the one above was false.

security.ssl3.rsa_aes_128_sha security.ssl3.rsa_aes_256_sha security.ssl3.rsa_des_ede3_sha

so I am leaving the one that caused the error disabled and it is working again.

Thanks!

Thank you both for your suggestions. I had seen the possible solutions of time and ipv6, but those did not help. I cannot recycle the wireless controller, as that would disrupt my business's network too much. Cor-el, your answer was what worked for me. I went through each security.ssl3. setting like you suggested and found that security.ssl3.dhe_rsa_des_ede3_sha is where the error was coming from. With that one set to false, I was able to connect to the admin page again. When I set it back to true, the error comes back. I also found that specifically any one of the following were needed for teh connection to work as long as the one above was false. security.ssl3.rsa_aes_128_sha security.ssl3.rsa_aes_256_sha security.ssl3.rsa_des_ede3_sha so I am leaving the one that caused the error disabled and it is working again. Thanks!