X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Version 37.0.1 - Secure Connection failed.

Kuphostiwe

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled.

We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html.

What would be causing this problem and how might it best be resolved?

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved?

Eminye Imininingwane Yohlelo

Fakela amapulagi

  • Adobe PDF Plug-In For Firefox and Netscape 11.0.10
  • Citrix Online App Detector Plugin
  • plugin
  • GEPlugin
  • Google Update
  • Intel web components updater - Installs and updates the Intel web components
  • Intel web components for Intel® Identity Protection Technology
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers
  • Shockwave Flash 17.0 r0
  • Yahoo Application State Plugin version 1.0.0.7

Isisebenziso

  • Firefox 37.0.1
  • Umsebenzisi oyi-ejenti: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
  • I-URL Yokweseka: https://support.mozilla.org/1/firefox/37.0.1/WINNT/en-US/

Izandiso

  • Adblock Plus 2.6.9 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • Clear Cache Button 0.9f ({563e4790-7e70-11da-a72b-0800200c9a66})
  • E-Web Print 1.19.00 (e-webprint@epson.com)
  • Firebug 2.0.9 (firebug@software.joehewitt.com)
  • Avast Online Security 10.2.0.187 (wrc@avast.com) (Akusebenzi)
  • FiddlerHook 2.4.8.3 (fiddlerhook@fiddler2.com) (Akusebenzi)

I-Javascript

  • incrementalGCEnabled: True

Imidwebo

  • adapterDescription: Intel(R) HD Graphics 4000
  • adapterDescription2:
  • adapterDeviceID: 0x0166
  • adapterDeviceID2:
  • adapterDrivers: igdumd64 igd10umd64 igd10umd64 igdumd32 igd10umd32 igd10umd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterSubsysID: 397717aa
  • adapterSubsysID2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.2.9200.16571
  • driverDate: 12-12-2012
  • driverDate2:
  • driverVersion: 9.17.10.2932
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics 4000 Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Okuthandwayo Okulungisiwe

Misc

  • Umsebenzisi JS: Cha
  • Ukufinyeleleka: Cha
user293 39 izisombululo 279 izimpendulo
Kuphostiwe

What is the address of your site?

What is the address of your site?
cor-el
  • Top 10 Contributor
  • Moderator
17519 izisombululo 158412 izimpendulo
Kuphostiwe

Can you post a link or the domain, so we can check the certificate?

What happens if you add the domain to the security.tls.insecure_fallback_hosts pref?

Did you check the Browser Console (Firefox/Tools > Web Developer) for error messages?

Note that SSL3 shouldn't be used these days and signing with SHA-256 is preferred.


The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using or offering deprecated cipher suites.

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the full domain to this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). You should only see domains separated by a comma in the value column.


Can you post a link or the domain, so we can check the certificate? What happens if you add the domain to the security.tls.insecure_fallback_hosts pref? Did you check the Browser Console (Firefox/Tools > Web Developer) for error messages? *https://developer.mozilla.org/Tools/Browser_Console Note that SSL3 shouldn't be used these days and signing with SHA-256 is preferred. *https://wiki.mozilla.org/Security/Server_Side_TLS ---- The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using or offering deprecated cipher suites. You can open the <b>about:config</b> page via the location/address bar and use its search bar to locate this pref: *security.tls.insecure_fallback_hosts You can double-click the line to modify the pref and add the full domain to this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). You should only see domains separated by a comma in the value column. ---- *https://developer.mozilla.org/en-US/Firefox/Releases/36/Site_Compatibility#Security *https://developer.mozilla.org/en-US/Firefox/Releases/37/Site_Compatibility#Security
jscher2000
  • Top 10 Contributor
8758 izisombululo 71655 izimpendulo
Kuphostiwe

If it's the domain matching your username, your ciphers are limited to RC4 ciphers. Starting in Firefox 36, this generated a warning icon in the address bar (exclamation triangle) as Firefox no longer considers it secure. However, I'm not sure what accounts for the more severe message you're getting now if the site supports TLS 1.2.

If it's the domain matching your username, your ciphers are limited to RC4 ciphers. Starting in Firefox 36, this generated a warning icon in the address bar (exclamation triangle) as Firefox no longer considers it secure. However, I'm not sure what accounts for the more severe message you're getting now if the site supports TLS 1.2.

Umnikazi wombuzo

theswingsite said

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved?


'What happens if you add the domain to the security.tls.insecure_fallback_hosts pref? It works

It also works if I do the following Setting security.tls.version.fallback-limit to '0'

TLS 1.0 currently enabled for "server" no "client" registry entry


The Site is https://www.theswingsite.com

''theswingsite [[#question-1058196|said]]'' <blockquote> Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved? </blockquote> '''What happens if you add the domain to the security.tls.insecure_fallback_hosts pref?'' It works It also works if I do the following Setting security.tls.version.fallback-limit to '0' TLS 1.0 currently enabled for "server" no "client" registry entry The Site is https://www.theswingsite.com

Umnikazi wombuzo

theswingsite said

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved?


NOTE: This never happened in pre "37.0.0" releases, nor do other browsers have a problem.

''theswingsite [[#question-1058196|said]]'' <blockquote> Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved? </blockquote> NOTE: This never happened in pre "37.0.0" releases, nor do other browsers have a problem.

Umnikazi wombuzo

theswingsite said

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved?


One more piece of the puzzle. My Windows Server 2008R2 event log is showing.

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server

''theswingsite [[#question-1058196|said]]'' <blockquote> Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved? </blockquote> One more piece of the puzzle. My Windows Server 2008R2 event log is showing. An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server
jscher2000
  • Top 10 Contributor
8758 izisombululo 71655 izimpendulo
Kuphostiwe

theswingsite said

'What happens if you add the domain to the security.tls.insecure_fallback_hosts pref? It works It also works if I do the following Setting security.tls.version.fallback-limit to '0'

That does not work for me on your site (trying to login as user asdf). Not sure what's going on.

''theswingsite [[#answer-719805|said]]'' <blockquote> '''What happens if you add the domain to the security.tls.insecure_fallback_hosts pref?'' It works It also works if I do the following Setting security.tls.version.fallback-limit to '0'</blockquote> That does not work for me on your site (trying to login as user asdf). Not sure what's going on.

Umnikazi wombuzo

theswingsite said

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved?


I attached an image of what IISCrypto is reporting .

''theswingsite [[#question-1058196|said]]'' <blockquote> Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved? </blockquote> I attached an image of what IISCrypto is reporting .

Umnikazi wombuzo

Any thoughts? Do FireFox developers respond here?

Nothing I try seems to resolve this problem.   I need to know WHAT changed in Version 37, as I've never had this problem in the last 8 years.
Any thoughts? Do FireFox developers respond here? Nothing I try seems to resolve this problem. I need to know WHAT changed in Version 37, as I've never had this problem in the last 8 years.
jscher2000
  • Top 10 Contributor
8758 izisombululo 71655 izimpendulo
Kuphostiwe

Firefox developers generally do not monitor this forum.

I'm not very skilled at searching the bug database, but it appears there were approximately/at least 49 changes related to TLS in Firefox 37: https://bugzilla.mozilla.org/buglist.cgi?list_id=12203346&resolution=FIXED&query_format=advanced&component=Security%3A%20PSM&target_milestone=mozilla37&f2=cf_status_firefox37&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&limit=0

I can't tell which, if any, of those is causing the issue. There is a somewhat standard approach to tracking down problem change sets which is to look for a regression range, but this is somewhat time-consuming. See: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Mozmill/How_to_do_regression_testing

Firefox developers generally do not monitor this forum. I'm not very skilled at searching the bug database, but it appears there were approximately/at least 49 changes related to TLS in Firefox 37: https://bugzilla.mozilla.org/buglist.cgi?list_id=12203346&resolution=FIXED&query_format=advanced&component=Security%3A%20PSM&target_milestone=mozilla37&f2=cf_status_firefox37&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&limit=0 I can't tell which, if any, of those is causing the issue. There is a somewhat standard approach to tracking down problem change sets which is to look for a regression range, but this is somewhat time-consuming. See: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Mozmill/How_to_do_regression_testing