X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT on specific website

Kuphostiwe

Hi there,

I'm trying to troubleshoot an issue that seems to be specific to FireFox and a specific website.

If you browse to www.denali.gov with FireFox, and then on the right side of the page click on "Denali Commission Project Database", FireFox will first pop up a message that says: "Your connection is not secure"

Here is a direct link to the page: https://www.denali.gov/dcpdb/index.cfm?nossl=true&fuseAction=Indicators.ShowProjectMapLink

Then if you click on Advanced and click the "(Not secure) Try loading www.denali.gov using outdated security" that page will fail to load with the following error message:

"An error occurred during a connection to www.denali.gov. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. Error code: SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT"

Before anyone says "have you tried searching our forums or Google?", I've been researching this issue for the past hour and have not been able to come up with a solution. I checked the TSL settings on the "about:config" page and changed the version.min settings, but that does not fix the problem.

I have not been able to come up with anything, and so I turn to you guys... :-)


Has anyone seen this issue before and has a fix? The error is easily reproducible: Browse to the page using FireFox and I'm sure you'll see the same error.

However, the page loads fine in other browsers. Except, I don't want to use other browsers; I want to use FireFox.

Hi there, I'm trying to troubleshoot an issue that seems to be specific to FireFox and a specific website. If you browse to www.denali.gov with FireFox, and then on the right side of the page click on "Denali Commission Project Database", FireFox will first pop up a message that says: "Your connection is not secure" Here is a direct link to the page: https://www.denali.gov/dcpdb/index.cfm?nossl=true&fuseAction=Indicators.ShowProjectMapLink Then if you click on Advanced and click the "(Not secure) Try loading www.denali.gov using outdated security" that page will fail to load with the following error message: "An error occurred during a connection to www.denali.gov. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. Error code: SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT" Before anyone says "have you tried searching our forums or Google?", I've been researching this issue for the past hour and have not been able to come up with a solution. I checked the TSL settings on the "about:config" page and changed the version.min settings, but that does not fix the problem. I have not been able to come up with anything, and so I turn to you guys... :-) Has anyone seen this issue before and has a fix? The error is easily reproducible: Browse to the page using FireFox and I'm sure you'll see the same error. However, the page loads fine in other browsers. Except, I don't want to use other browsers; I want to use FireFox.

Isisombululo esikhethiwe

Hmm, I get "SSL_ERROR_NO_CYPHER_OVERLAP" and then a link that says "(Not secure) Try loading www.denali.gov using outdated security" and then when I try that I get the "SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT" error.

I think the real problem might be no ciphers in common between the server and Firefox. That's a problem I can't work around. Chrome (on my system, at least) supports just one of the site's four ciphers (bolded):

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)

Hopefully the operators of the site will add some other ciphers so more browsers can connect.

Funda le mpendulo ngokuhambisana nalesi sihloko 1

Eminye Imininingwane Yohlelo

Fakela amapulagi

  • Adobe PDF Plug-In For Firefox and Netscape 15.16.20039
  • Google Update
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.91.2 for Mozilla browsers
  • The plugin allows you to have a better experience with Microsoft Lync
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • Shockwave Flash 21.0 r0
  • VMware Remote Console Plug-in
  • iTunes Detector Plug-in

Isisebenziso

  • Firefox 46.0.1
  • Umsebenzisi oyi-ejenti: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
  • I-URL Yokweseka: https://support.mozilla.org/1/firefox/46.0.1/WINNT/en-US/

Izandiso

  • Adblock Plus 2.7.3 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • Firefox Hello Beta 1.3.2 (loop@mozilla.org)
  • Ghostery 6.2.0 (firefox@ghostery.com)
  • Multi-process staged rollout 1.0 (e10srollout@mozilla.org)
  • Pocket 1.0 (firefox@getpocket.com)

I-Javascript

  • incrementalGCEnabled: True

Imidwebo

  • adapterDescription: AMD Radeon(TM) R5 240
  • adapterDescription2:
  • adapterDeviceID: 0x6611
  • adapterDeviceID2:
  • adapterDrivers: aticfx64 aticfx64 aticfx64 amdxc64 aticfx32 aticfx32 aticfx32 amdxc32 atiumd64 atidxx64 atidxx64 atiumdag atidxx32 atidxx32 atiumdva atiumd6a atitmm64
  • adapterDrivers2:
  • adapterRAM: 1024
  • adapterRAM2:
  • adapterSubsysID: 210b1028
  • adapterSubsysID2:
  • adapterVendorID: 0x1002
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 10.0.10586.0
  • driverDate: 3-21-2016
  • driverDate2:
  • driverVersion: 16.150.2211.0
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • supportsHardwareH264: Yes
  • webglRenderer: Google Inc. -- ANGLE (AMD Radeon(TM) R5 240 Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Okuthandwayo Okulungisiwe

Misc

  • Umsebenzisi JS: Cha
  • Ukufinyeleleka: Cha
FredMcD
  • Top 10 Contributor
4259 izisombululo 59635 izimpendulo
Kuphostiwe

I tried the link from the main page and got this; The owner of www.denali.gov has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

I've called the big guys to help you. Good luck.

There is security software like Avast and Kaspersky and BitDefender and ESET that intercept secure connections and send their own certificate.

http://www.ehow.com/how_11385212_troubleshoot-reset-connection-firefox.html

https://support.mozilla.org/en-US/kb/server-not-found-connection-problem

https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

http://kb.mozillazine.org/Error_loading_websites

https://support.mozilla.org/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

This Connection is Untrusted is sometimes caused because the computer system clock is wrong. Check the time / date / time zone settings.

I tried the link from the main page and got this; The owner of www.denali.gov has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. I've called the big guys to help you. Good luck. There is security software like Avast and Kaspersky and BitDefender and ESET that intercept secure connections and send their own certificate. http://www.ehow.com/how_11385212_troubleshoot-reset-connection-firefox.html https://support.mozilla.org/en-US/kb/server-not-found-connection-problem https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message https://support.mozilla.org/en-US/kb/connection-untrusted-error-message '''http://kb.mozillazine.org/Error_loading_websites''' https://support.mozilla.org/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER '''This Connection is Untrusted''' is sometimes caused because the computer system clock is wrong. Check the time / date / time zone settings.

Impendulo Ewusizo

Hi FredMcD. When you get that message, you can go to "Advanced" and then try to connect not secure to get the SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT error.

Other browsers are able to connect just fine. It's not a timing issue either, unless your own computer clock is wrong as well. This error shows on every machine with FireFox (but not in Chrome or IE).

Hi FredMcD. When you get that message, you can go to "Advanced" and then try to connect not secure to get the SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT error. Other browsers are able to connect just fine. It's not a timing issue either, unless your own computer clock is wrong as well. This error shows on every machine with FireFox (but not in Chrome or IE).
James
  • Top 25 Contributor
  • Moderator
1598 izisombululo 11289 izimpendulo
Kuphostiwe

Impendulo Ewusizo

https://www.ssllabs.com/ssltest/analyze.html?d=www.denali.gov&hideResults=on

Umnikazi wombuzo

Hi James. Thanks for that. So, if I understand that correctly those results are showing an issue with the website itself? Not something caused by FireFox?

Hi James. Thanks for that. So, if I understand that correctly those results are showing an issue with the website itself? Not something caused by FireFox?
jscher2000
  • Top 10 Contributor
8772 izisombululo 71718 izimpendulo
Kuphostiwe

Isisombululo Esikhethiwe

Hmm, I get "SSL_ERROR_NO_CYPHER_OVERLAP" and then a link that says "(Not secure) Try loading www.denali.gov using outdated security" and then when I try that I get the "SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT" error.

I think the real problem might be no ciphers in common between the server and Firefox. That's a problem I can't work around. Chrome (on my system, at least) supports just one of the site's four ciphers (bolded):

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)

Hopefully the operators of the site will add some other ciphers so more browsers can connect.

Hmm, I get "SSL_ERROR_NO_CYPHER_OVERLAP" and then a link that says "(Not secure) Try loading www.denali''.''gov using outdated security" and then when I try that I get the "SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT" error. I think the real problem might be no ciphers in common between the server and Firefox. That's a problem I can't work around. Chrome (on my system, at least) supports just one of the site's four ciphers (bolded): TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) '''TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)''' TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) Hopefully the operators of the site will add some other ciphers so more browsers can connect.

Umnikazi wombuzo

Hi everyone; thanks for all your help!

Turns out it was the website, not FireFox. Apparently FF doesn't support as wide of an SSL cipher list as Chrome/IE do. That has been fixed on the website, so it's all good now.

Hi everyone; thanks for all your help! Turns out it was the website, not FireFox. Apparently FF doesn't support as wide of an SSL cipher list as Chrome/IE do. That has been fixed on the website, so it's all good now.