X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

Why have some trusted sites stopped loading with Firefox 63?

Được đăng

Ever since I upgraded to Firefox 63, several trusted websites have stopped loading; instead I get sent to an error page with:

Your connection is not secure

The website tried to negotiate an inadequate level of security.

<www.thestar.com> uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.

Error code: NS_ERROR_NET_INADEQUATE_SECURITY


This also occurs with https://download-installer.cdn.mozilla.net/pub/firefox/releases/63.0.1/win32/en-US/Firefox%20Installer.exe

Is the problem at my end or theirs? If the former, what do I need to do to return to the behaviour for FF 62?

Ever since I upgraded to Firefox 63, several trusted websites have stopped loading; instead I get sent to an error page with: Your connection is not secure The website tried to negotiate an inadequate level of security. <www.thestar.com> uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site. Error code: NS_ERROR_NET_INADEQUATE_SECURITY This also occurs with https://download-installer.cdn.mozilla.net/pub/firefox/releases/63.0.1/win32/en-US/Firefox%20Installer.exe Is the problem at my end or theirs? If the former, what do I need to do to return to the behaviour for FF 62?

Giải pháp được chọn

This is likely not about cookies, but about renegotiating connection details.

You can check your browser.

Đọc câu trả lời này trong ngữ cảnh 1

Chi tiết hệ thống bổ sung

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Avast/69.1.867.100

Thông tin chi tiết

FredMcD
  • Top 10 Contributor
4225 giải pháp 58986 câu trả lời
Được đăng
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own. https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message https://support.mozilla.org/en-US/kb/connection-untrusted-error-message [https://support.mozilla.org/en-US/kb/websites-dont-load-troubleshoot-and-fix-errors?redirectlocale=en-US&redirectslug=Error+loading+web+sites Websites don't load - troubleshoot and fix error messages] http://kb.mozillazine.org/Error_loading_websites

Người tạo câu hỏi

Yes, I was aware of that. I have tried disabling HTTPS scanning in Avast, adding an exception for the website, even temporarily disabling the Web Shield completely, but the problem persists.

And it only occurs for Firefox 63; Firefox 62 and below, IE, Chrome, Opera, Palemoon, and Vivaldi all display the websites just fine. Are they all that much less secure than Firefox 63?

(I also see that the CSS and scripts for https://support.mozilla.org are not being loaded, though the HTML is displayed; could this be related?)

Yes, I was aware of that. I have tried disabling HTTPS scanning in Avast, adding an exception for the website, even temporarily disabling the Web Shield completely, but the problem persists. And it only occurs for Firefox 63; Firefox 62 and below, IE, Chrome, Opera, Palemoon, and Vivaldi all display the websites just fine. Are they all that much less secure than Firefox 63? (I also see that the CSS and scripts for https://support.mozilla.org are not being loaded, though the HTML is displayed; could this be related?)
cor-el
  • Top 10 Contributor
  • Moderator
17418 giải pháp 157376 câu trả lời
Được đăng

This error indicates that the server initiates a HTTP/2 connection, but Firefox detects an invalid TLS configuration in the server response. This is likely not an issue with the certificate, but this is a problem with the server setup and there are invalid cipher suites for HTTP/2 claimed (INADEQUATE_SECURITY).

This shouldn't happen with Mozilla websites.

You can check the connection settings.

  • Options/Preferences -> General -> Network: Connection -> Settings

If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.

See "Firefox connection settings":

This error indicates that the server initiates a HTTP/2 connection, but Firefox detects an invalid TLS configuration in the server response. This is likely not an issue with the certificate, but this is a problem with the server setup and there are invalid cipher suites for HTTP/2 claimed (INADEQUATE_SECURITY). This shouldn't happen with Mozilla websites. You can check the connection settings. *Options/Preferences -> General -> Network: Connection -> Settings If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly. See "Firefox connection settings": *https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

Người tạo câu hỏi

I tried all the proxy settings (none, auto-detect, system), and it made no difference.

Thanks anyway.

I tried all the proxy settings (none, auto-detect, system), and it made no difference. Thanks anyway.
Pj 42 giải pháp 869 câu trả lời
Được đăng

asraskin said

FF 63 Change: "Content blocking added to block third-party tracking cookies or block all trackers."

Check and try different Tracking and Cookie Settings, perhaps?


~Pj

''asraskin [[#answer-1169768|said]]'' <blockquote> </blockquote> FF 63 Change: "''Content blocking added to block third-party tracking cookies or block all trackers''." Check and try different Tracking and Cookie Settings, perhaps? ~Pj

Người tạo câu hỏi

Yeah, I noticed that in the change log and tried both restoring the defaults and opening my browser to all cookies, but neither made a difference.

Yeah, I noticed that in the change log and tried both restoring the defaults and opening my browser to all cookies, but neither made a difference.
FredMcD
  • Top 10 Contributor
4225 giải pháp 58986 câu trả lời
Được đăng

Make sure you are not blocking content.

Start Firefox in Safe Mode {web link} by holding down the <Shift> (Mac=Options) key, and then starting Firefox.

A small dialog should appear. Click Start In Safe Mode (not Refresh). Is the problem still there?


One issue that seems more common lately is Firefox's Tracking Protection feature. When it is blocking content in a page, a shield icon will appear at the left end of the address bar next to the padlock icon. This article has more info on managing this feature: Tracking Protection {web link}

Make sure you are not blocking content. [https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode Start Firefox in Safe Mode] {web link} by holding down the '''<Shift> ''(Mac=Options)''''' key, and then starting Firefox. A small dialog should appear. Click '''Start In Safe Mode''' (not Refresh). Is the problem still there? --------------- One issue that seems more common lately is Firefox's Tracking Protection feature. When it is blocking content in a page, a shield icon will appear at the left end of the address bar next to the padlock icon. This article has more info on managing this feature: [https://support.mozilla.org/en-US/kb/tracking-protection Tracking Protection] {web link}

Người tạo câu hỏi

The problem still occurs in Safe Mode.

And disabling Tracking Protection and cookie blocking similarly had no effect.

This problem is getting worrisome...

The problem still occurs in Safe Mode. And disabling Tracking Protection and cookie blocking similarly had no effect. This problem is getting worrisome...
FredMcD
  • Top 10 Contributor
4225 giải pháp 58986 câu trả lời
Được đăng

Start your Computer in safe mode with network support. Then start Firefox. Try Secure websites. Is the problem still there?

http://encyclopedia2.thefreedictionary.com/Linux+Safe+Mode Starting Any Computer In Safe Mode; Free Online Encyclopedia

Start your '''Computer''' in safe mode with network support. Then start Firefox. Try '''Secure''' websites. Is the problem still there? http://encyclopedia2.thefreedictionary.com/Linux+Safe+Mode Starting Any Computer In Safe Mode; Free Online Encyclopedia
cor-el
  • Top 10 Contributor
  • Moderator
17418 giải pháp 157376 câu trả lời
Được đăng

Giải pháp được chọn

This is likely not about cookies, but about renegotiating connection details.

You can check your browser.

This is likely not about cookies, but about renegotiating connection details. You can check your browser. *https://www.ssllabs.com/ssltest/viewMyClient.html

Người tạo câu hỏi

As expected, starting in Windows Safe Mode didn't help.

Here are the results of the SSL Client Test:

TLS 1.3 and 1.2 (green): Yes TLS 1.1 (black): Yes TLS 1.0 (orange): Yes SSL 3 and 2 (black): No

TLS_AES_128_GCM_SHA256 (0x1301) Forward Secrecy 128 TLS_CHACHA20_POLY1305_SHA256 (0x1303) Forward Secrecy 256 TLS_AES_256_GCM_SHA384 (0x1302) Forward Secrecy 256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256

Server Name Indication (SNI) Yes Secure Renegotiation Yes TLS compression No (green) Session tickets Yes OCSP stapling Yes Signature algorithms SHA256/ECDSA, SHA384/ECDSA, SHA512/ECDSA, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, SHA256/RSA, SHA384/RSA, SHA512/RSA, SHA1/ECDSA, SHA1/RSA Named Groups x25519, secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072 Next Protocol Negotiation No Application Layer Protocol Negotiation Yes h2 http/1.1 SSL 2 handshake compatibility No (green)

As expected, starting in Windows Safe Mode didn't help. Here are the results of the SSL Client Test: TLS 1.3 and 1.2 (green): Yes TLS 1.1 (black): Yes TLS 1.0 (orange): Yes SSL 3 and 2 (black): No TLS_AES_128_GCM_SHA256 (0x1301) Forward Secrecy 128 TLS_CHACHA20_POLY1305_SHA256 (0x1303) Forward Secrecy 256 TLS_AES_256_GCM_SHA384 (0x1302) Forward Secrecy 256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256 Server Name Indication (SNI) Yes Secure Renegotiation Yes TLS compression No (green) Session tickets Yes OCSP stapling Yes Signature algorithms SHA256/ECDSA, SHA384/ECDSA, SHA512/ECDSA, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, SHA256/RSA, SHA384/RSA, SHA512/RSA, SHA1/ECDSA, SHA1/RSA Named Groups x25519, secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072 Next Protocol Negotiation No Application Layer Protocol Negotiation Yes h2 http/1.1 SSL 2 handshake compatibility No (green)

Người tạo câu hỏi

OK, I compared the results for FF 63 and for the Avast Secure Browser, and found one cipher suite that Avast allows but FF does not:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

So I went into about:config and reset security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 to true; now, the problematic websites are displaying properly.

I don't know why it had been set to false, or why everything worked in FF 62 but not in 63, or why the problematic sites required that particular cipher suite.

Thanks to cor-el for providing that link to Qualys SSL Labs' SSL Client Test, and thanks to FredMcD and Pj for their suggestions.

OK, I compared the results for FF 63 and for the Avast Secure Browser, and found one cipher suite that Avast allows but FF does not: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) So I went into about:config and reset security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 to true; now, the problematic websites are displaying properly. I don't know why it had been set to false, or why everything worked in FF 62 but not in 63, or why the problematic sites required that particular cipher suite. Thanks to cor-el for providing that link to Qualys SSL Labs' SSL Client Test, and thanks to FredMcD and Pj for their suggestions.

Được chỉnh sửa bởi asraskin vào

FredMcD
  • Top 10 Contributor
4225 giải pháp 58986 câu trả lời
Được đăng

That was very good work. Well done. Please flag your last post as Solved Problem so others will know.

That was very good work. Well done. Please flag your last post as '''Solved Problem''' so others will know.
Pj 42 giải pháp 869 câu trả lời
Được đăng

asraskin said

  • OK, I compared the results for FF 63 and for the Avast Secure Browser, and found one cipher suite that Avast allows but FF does not:
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
  • So I went into about:config and reset security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 to true; now, the problematic websites are displaying properly.
  • I don't know why it had been set to false, or why everything worked in FF 62 but not in 63, or why the problematic sites required that particular cipher suite.

Dude! Way to go! Slap me a Digital High-Five!

I don't think I'd thunk of that, now that I think about the thunk for thinking. Something like that. (Grin)


~Pj

''asraskin [[#answer-1170532|said]]'' <blockquote> * OK, I compared the results for FF 63 and for the Avast Secure Browser, and found one cipher suite that Avast allows but FF does not: * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) * So I went into about:config and reset security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 to true; now, the problematic websites are displaying properly. * I don't know why it had been set to false, or why everything worked in FF 62 but not in 63, or why the problematic sites required that particular cipher suite. </blockquote> Dude! Way to go! Slap me a Digital High-Five! I don't think I'd thunk of that, now that I think about the thunk for thinking. Something like that. (Grin) ~Pj

Được chỉnh sửa bởi Pj vào