Problem with 'require safe negotiation'
I tried to make a purchase and during one of the redirects Firefox reported that it was unable to establish safe negotiation (error code: SSL_ERROR_UNSAFE_NEGOTIATION). The site that had the problem is https://secure5.arcot.com/ . I have security.ssl.require_safe_negotiation set to true. However, if I set it to false and go to that site, Firefox reports that it uses "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2". I am not an expert in ciphers/TLS but the version seems sufficiently new.
I would like to report the problem but I need to know whom to report it. So far, it seems like a Firefox bug. However, I am not a security expect and, perhaps, the site is using a different obsolete SSL version to negotiate. How can I determine what exactly caused the failure?
Modified
الحل المُختار
Hi, sorry to take so long to get back to you. It is not your or Firefox's problem.
If you go to https://secure5.arcot.com/ and then click the Show Site Information which is the i in a circle in the Address Bar then the Right Arrow Point > , Then More Information then the Show Certificate Button it will tell you that they are using a Symantec Certificate. They have all been revoked and are no longer acceptable to any browser do to their issue of loosing and suspect sites having them. Digicert as per this url :
You may want to inform the site if you can.
Please let us know if this solved your issue or if need further assistance.
Read this answer in context 👍 0All Replies (3)
الحل المُختار
Hi, sorry to take so long to get back to you. It is not your or Firefox's problem.
If you go to https://secure5.arcot.com/ and then click the Show Site Information which is the i in a circle in the Address Bar then the Right Arrow Point > , Then More Information then the Show Certificate Button it will tell you that they are using a Symantec Certificate. They have all been revoked and are no longer acceptable to any browser do to their issue of loosing and suspect sites having them. Digicert as per this url :
You may want to inform the site if you can.
Please let us know if this solved your issue or if need further assistance.
Thanks! I mistakenly thought that the error code was related only to the incorrect protocol version. I will send an email to the seller company.