X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Would like to get to this web site https://www.vermontfederal.org/home/home always did, not now, message SSL_ERROR_NO_CYPHER_OVERLAP

Kuphostiwe

I can't get to my bank's website, where I used to go for many years. the site is:

https://www.vermontfederal.org/home/home   

I get message of Error: SSL_ERROR_NO_CYPHER_OVERLAP

It just happened out of nowhere. Thank you for help I can't change to newer browser, because I would have to change to newer system software on my Mac and would loose lots of software installed years ago which I like. The system on my Mac is OS 10.8.5 Evzen Holas

I can't get to my bank's website, where I used to go for many years. the site is: https://www.vermontfederal.org/home/home I get message of Error: SSL_ERROR_NO_CYPHER_OVERLAP It just happened out of nowhere. Thank you for help I can't change to newer browser, because I would have to change to newer system software on my Mac and would loose lots of software installed years ago which I like. The system on my Mac is OS 10.8.5 Evzen Holas

Eminye Imininingwane Yohlelo

Fakela amapulagi

  • Displays Java applet content, or a placeholder if Java is not installed.
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.
  • Shockwave Flash 22.0 r0
  • iPhoto6

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:48.0) Gecko/20100101 Firefox/48.0

Eminye Imininingwane

jscher2000
  • Top 10 Contributor
8695 izisombululo 71066 izimpendulo
Kuphostiwe

Hi Evzen, many banks are tightening up their connection requirements, and you are running a very old version of Firefox that doesn't have the latest ciphers built-in.

The following page shows the bank has very strict connection requirements:

  • TLS 1.2 only (not 1.0 or 1.1)
  • One of these two ciphers:
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

https://www.ssllabs.com/ssltest/analyze.html?d=www.vermontfederal.org

Apparently Firefox 48 can't do that. Have you tried Safari?

Hi Evzen, many banks are tightening up their connection requirements, and you are running a very old version of Firefox that doesn't have the latest ciphers built-in. The following page shows the bank has very strict connection requirements: * TLS 1.2 only (not 1.0 or 1.1) * One of these two ciphers: ** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 https://www.ssllabs.com/ssltest/analyze.html?d=www.vermontfederal.org Apparently Firefox 48 can't do that. Have you tried Safari?
TyDraniu
  • Top 25 Contributor
316 izisombululo 1780 izimpendulo
Kuphostiwe

Enter about:config in the URL bar and check values of security.tls.version.min and security.tls.version.max. Try to set security.tls.version.max = 3.

Enter ''about:config'' in the URL bar and check values of '''security.tls.version.min''' and '''security.tls.version.max'''. Try to set ''security.tls.version.max'' = 3.

Okulungisiwe ngu TyDraniu

jscher2000
  • Top 10 Contributor
8695 izisombululo 71066 izimpendulo
Kuphostiwe

In current Firefox, you also would want the following enabled. I don't know whether it exists in Firefox 48:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste gcm and pause while the list is filtered

(3) If the security.ssl3.ecdhe_rsa_aes_256_gcm_sha384 preference is bolded and "modified" or "user set" to false, double-click it to restore the default value of true

If it's missing completely, well, there's yer trouble.

In current Firefox, you also would want the following enabled. I don't know whether it exists in Firefox 48: (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk. (2) In the search box above the list, type or paste '''gcm''' and pause while the list is filtered (3) If the '''security.ssl3.ecdhe_rsa_''aes_256''_gcm_''sha384''''' preference is bolded and "modified" or "user set" to false, double-click it to restore the default value of true If it's missing completely, well, there's yer trouble.

Umnikazi wombuzo

To my helpers I can't use safari, I would have to update system software, which I do not want to do. (because thenewer once suck) My security.tls.version.max. is by default set to 3 And security.ssl3.ecdhe_rsa_aes_256_gcm_sha384, I do not have there, I have security.ssl3.ecdhe_rsa_aes_128_gcm_sha256

Thank you for trying. Is there any hope. It just happened out of nowhere, I was fine with this for years and other websites , like Pay Pal etc work

To my helpers I can't use safari, I would have to update system software, which I do not want to do. (because thenewer once suck) My security.tls.version.max. is by default set to 3 And security.ssl3.ecdhe_rsa_aes_256_gcm_sha384, I do not have there, I have security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 Thank you for trying. Is there any hope. It just happened out of nowhere, I was fine with this for years and other websites , like Pay Pal etc work
jscher2000
  • Top 10 Contributor
8695 izisombululo 71066 izimpendulo
Kuphostiwe

Since Firefox 48 cannot connect directly -- it doesn't have either of the required ciphers -- you would need to connect indirectly through a proxy. The proxy would accept your lower security connection, and would make a higher security connection with the target website.

Common proxies include security programs that intercept and filter your web connection, but I don't know if they will work in this situation. You could test one out, just be aware that you may need to restart your system or use an option in the software to set up Firefox to trust it (proxies generate fake website certificates). This help article lists some of the common ones: How to troubleshoot security error codes on secure websites.

Since Firefox 48 cannot connect directly -- it doesn't have either of the required ciphers -- you would need to connect indirectly through a proxy. The proxy would accept your lower security connection, and would make a higher security connection with the target website. Common proxies include security programs that intercept and filter your web connection, but I don't know if they will work in this situation. You could test one out, just be aware that you may need to restart your system or use an option in the software to set up Firefox to trust it (proxies generate fake website certificates). This help article lists some of the common ones: [[How to troubleshoot security error codes on secure websites]].