SSL_ERROR_NO_CYPHER_OVERLAP when visiting archive.is
I get this error message when visiting archive.is and archive.fo
Giải pháp được chọn
Firefox uses this cipher suite by default.
Connection Encrypted (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys, TLS 1.2)
If I disable this cipher suite then the connection switches to
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- Tools -> Page Info -> Security
Tất cả các câu trả lời (4)
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
http://kb.mozillazine.org/Error_loading_websites
SSL_ERROR_NO_CYPHER_OVERLAP
Your server apparently doesn't offer any cipher suites necessary to establish a
secure https connection that are supported in Firefox. You can check what kind
of cipher suites Firefox can make use of by visiting;
https://www.ssllabs.com/ssltest/viewMyClient.html
I have no anti virus software installed.
Results of the SSL labs test
Protocol Support Your user agent has good protocol support. Your user agent supports TLS 1.2, which is recommended protocol version at the moment. Experimental: Your user agent supports TLS 1.3. Logjam Vulnerability Your user agent is not vulnerable. For more information about the Logjam attack, please go to weakdh.org. To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site. FREAK Vulnerability Your user agent is not vulnerable. For more information about the FREAK attack, please go to www.freakattack.com. To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site. POODLE Vulnerability Your user agent is not vulnerable. For more information about the POODLE attack, please read this blog post. Protocol Features Protocols TLS 1.3 Yes TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes SSL 3 No SSL 2 No
Cipher Suites (in order of preference)
TLS_AES_128_GCM_SHA256 (0x1301) Forward Secrecy 128
TLS_CHACHA20_POLY1305_SHA256 (0x1303) Forward Secrecy 256
TLS_AES_256_GCM_SHA384 (0x1302) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112
(1) When a browser supports SSL 2, its SSL 2-only suites are shown only on the very first connection to this site. To see the suites, close all browser windows, then open this exact page directly. Don't refresh.
Protocol Details
Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets Yes
OCSP stapling Yes
Signature algorithms SHA256/ECDSA, SHA384/ECDSA, SHA512/ECDSA, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, SHA256/RSA, SHA384/RSA, SHA512/RSA, SHA1/ECDSA, SHA1/RSA
Named Groups x25519, secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072
Next Protocol Negotiation No
Application Layer Protocol Negotiation Yes h2 http/1.1
SSL 2 handshake compatibility No
Mixed Content Handling Mixed Content Tests Images Passive Yes CSS Active No Scripts Active No XMLHttpRequest Active No WebSockets Active No Frames Active No (1) These tests might cause a mixed content warning in your browser. That's expected. (2) If you see a failed test, try to reload the page. If the error persists, please get in touch.
Related Functionality Upgrade Insecure Requests request header (more info) Yes
Thanks for the reply
I called for more help.
Giải pháp được chọn
Firefox uses this cipher suite by default.
Connection Encrypted (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys, TLS 1.2)
If I disable this cipher suite then the connection switches to
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- Tools -> Page Info -> Security