X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

I get ssl_error_no_cypher_overlap error accessing our internal web sites. It works on FF 24.8.1 but I get error with 38.3. Verified no chages in about:config

Kuphostiwe

It works on IE and FF 24.8.1 but I get error with 38.3.

I have verified there are no chages in about:config.

I have tried to change the enforcement (security.cert_pinning.enforcement_level) to 0 and it did not work. Set it back to 1.

IE and FF 24.8.1 both ask to add the exception. FF 38.3 does not.

I am running on Win2008 R2.

It works on IE and FF 24.8.1 but I get error with 38.3. I have verified there are no chages in about:config. I have tried to change the enforcement (security.cert_pinning.enforcement_level) to 0 and it did not work. Set it back to 1. IE and FF 24.8.1 both ask to add the exception. FF 38.3 does not. I am running on Win2008 R2.

Eminye Imininingwane Yohlelo

Fakela amapulagi

  • ActiveTouch General Plugin Container Version 105
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.15
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.60.2 for Mozilla browsers
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • Shockwave Flash 19.0.0.185
  • VMware Remote Console Plug-in

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0

Eminye Imininingwane

jscher2000
  • Top 10 Contributor
8643 izisombululo 70728 izimpendulo
Kuphostiwe

Since we can't get hands on with this site...

I assume all Firefox users get this on the internal sites, even with newer and non-server versions of Windows?

If you open Firefox's Web Console in the lower part of the tab, either

  • Ctrl+Shift+k or
  • "3-bar" menu button > Developer > Web Console

then reload the error page, does the console provide any additional detail about the problem?

And/or, do you have Google Chrome installed? If you visit the site in Google Chrome, click the padlock icon in the address bar, and then "Connection" on the drop-down panel, could you post its diagnosis of the strength of the site's security? That may flag up an issue that Firefox is not explaining as well as it could.

Since we can't get hands on with this site... I assume all Firefox users get this on the internal sites, even with newer and non-server versions of Windows? If you open Firefox's Web Console in the lower part of the tab, either * Ctrl+Shift+k or * "3-bar" menu button > Developer > Web Console then reload the error page, does the console provide any additional detail about the problem? And/or, do you have Google Chrome installed? If you visit the site in Google Chrome, click the padlock icon in the address bar, and then "Connection" on the drop-down panel, could you post its diagnosis of the strength of the site's security? That may flag up an issue that Firefox is not explaining as well as it could.
cor-el
  • Top 10 Contributor
  • Moderator
17425 izisombululo 157456 izimpendulo
Kuphostiwe

What connection settings are used if you check the Security tab in the Network Monitor (3-bar Menu button or Tools > Web Developer) in Firefox 38?

What connection settings are used if you check the Security tab in the Network Monitor (3-bar Menu button or Tools > Web Developer) in Firefox 38? *https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor#Security

Umnikazi wombuzo

Nothing shows up in the Console window

Nothing shows up in the Console window

Umnikazi wombuzo

I do not get the "Security Tab".

I do not get the "Security Tab".

Umnikazi wombuzo

We are not allowed to load Google Chrome.  :-(

We are not allowed to load Google Chrome. :-(
jscher2000
  • Top 10 Contributor
8643 izisombululo 70728 izimpendulo
Kuphostiwe

dooley0008 said

I do not get the "Security Tab".

The security tab should appear on the right side (after various other tabs such as Rules, Computed...) if you click an HTTPS connection in the Network Monitor. (It was added in Firefox 37, so should be in your version.) If that connection does not appear, try reloading the page in the top part of the tab.

''dooley0008 [[#answer-844954|said]]'' <blockquote> I do not get the "Security Tab". </blockquote> The security tab should appear on the right side (after various other tabs such as Rules, Computed...) if you click an HTTPS connection in the Network Monitor. (It was added in Firefox 37, so should be in your version.) If that connection does not appear, try reloading the page in the top part of the tab.

Umnikazi wombuzo

I did that with the same result. See pic.

I did that with the same result. See pic.
jscher2000
  • Top 10 Contributor
8643 izisombululo 70728 izimpendulo
Kuphostiwe

But if you click that row, no Security tab appears on the right?

Also, you may want to edit that image since it lists the server address in the blue title bar area.

But if you click that row, no Security tab appears on the right? Also, you may want to edit that image since it lists the server address in the blue title bar area.
cor-el
  • Top 10 Contributor
  • Moderator
17425 izisombululo 157456 izimpendulo
Kuphostiwe

The Security tab is only there if you connect via a secure HTTPS connection and not if you use an open HTTP connection.

The Security tab is only there if you connect via a secure HTTPS connection and not if you use an open HTTP connection.

Umnikazi wombuzo

An error occurred during a connection to east-web.mt.att.com:9443.

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

An error occurred during a connection to east-web.mt.att.com:9443. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

Umnikazi wombuzo

I over layed the address with the name on the pic and messages. Thanks for thinking about that.

I over layed the address with the name on the pic and messages. Thanks for thinking about that.

Umnikazi wombuzo

I did not click on the line. Once I did it appeared.

I did not click on the line. Once I did it appeared.

Umnikazi wombuzo

jscher - do you want a private conversation? I may be able to show you my screen.

jscher - do you want a private conversation? I may be able to show you my screen.
jscher2000
  • Top 10 Contributor
8643 izisombululo 70728 izimpendulo
Kuphostiwe

Impendulo Ewusizo

Hmm, that doesn't tell us anything new.

If this is an old IIS server, it's possible that it only supports RC4 ciphers, which Firefox deprecated around the release of Firefox 38. What happens if you toggle this setting:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste rc4 and pause while the list is filtered

(3) Double-click the security.tls.unrestricted_rc4_fallback preference to switch it from the default value of false to true

You may need to clear cache before this takes effect on a server Firefox previously refused to connect to. See: How to clear the Firefox cache.

Hmm, that doesn't tell us anything new. If this is an old IIS server, it's possible that it only supports RC4 ciphers, which Firefox deprecated around the release of Firefox 38. What happens if you toggle this setting: (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful. (2) In the search box above the list, type or paste '''rc4''' and pause while the list is filtered (3) Double-click the '''security.tls.unrestricted_rc4_fallback''' preference to switch it from the default value of false to true You may need to clear cache before this takes effect on a server Firefox previously refused to connect to. See: [[How to clear the Firefox cache]].

Umnikazi wombuzo

It was already set to "true" by default. All the rc4 options are true by default.

It was already set to "true" by default. All the rc4 options are true by default.
jscher2000
  • Top 10 Contributor
8643 izisombululo 70728 izimpendulo
Kuphostiwe

dooley0008 said

It was already set to "true" by default. All the rc4 options are true by default.

Hmm, that setting might be unique to the ESR release. (It's normal for the others to be true by default.)

There were just so many changes between Firefox 24 and 38, which was quite a while ago, so I can't remember all the possible fixes. Here's one I found in a search that made Firefox 37 behave more like Firefox 36 with the combination of TLS 1.0 + RC4 cipher:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those.

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

Then try reloading the site.

''dooley0008 [[#answer-844967|said]]'' <blockquote> It was already set to "true" by default. All the rc4 options are true by default. </blockquote> Hmm, that setting might be unique to the ESR release. (It's normal for the others to be true by default.) There were just so many changes between Firefox 24 and 38, which was quite a while ago, so I can't remember all the possible fixes. Here's one I found in a search that made Firefox 37 behave more like Firefox 36 with the combination of TLS 1.0 + RC4 cipher: (1) Copy the host name of the server address. This is the part ''between'' the https:// protocol and the next / character, and not including either of those. (2) In a new tab, type or paste '''about:config''' in the address bar and press Enter. Click the button promising to be careful. (3) In the search box above the list, type or paste '''tls''' and pause while the list is filtered (4) Double-click the '''security.tls.insecure_fallback_hosts''' preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change. Then try reloading the site.

Umnikazi wombuzo

Same result

Same result

Umnikazi wombuzo

Here are the tls options

Here are the tls options
cor-el
  • Top 10 Contributor
  • Moderator
17425 izisombululo 157456 izimpendulo
Kuphostiwe

Does that server support TLS 1.0 and higher or only SSL3?

What does it say in "Tools > Page Info > Security" in Firefox 24?

The SSleuth works from Firefox 25 and later, so won't of much use either just like the Network Monitor.

Does that server support TLS 1.0 and higher or only SSL3? What does it say in "Tools > Page Info > Security" in Firefox 24? The SSleuth works from Firefox 25 and later, so won't of much use either just like the Network Monitor. * https://addons.mozilla.org/firefox/addon/ssleuth
cor-el
  • Top 10 Contributor
  • Moderator
17425 izisombululo 157456 izimpendulo
Kuphostiwe

Does Google Chrome work on your operating system?

Does Google Chrome work on your operating system?