Would like to get to this web site https://www.vermontfederal.org/home/home always did, not now, message SSL_ERROR_NO_CYPHER_OVERLAP
I can't get to my bank's website, where I used to go for many years. the site is:
https://www.vermontfederal.org/home/home
I get message of Error: SSL_ERROR_NO_CYPHER_OVERLAP
It just happened out of nowhere. Thank you for help I can't change to newer browser, because I would have to change to newer system software on my Mac and would loose lots of software installed years ago which I like. The system on my Mac is OS 10.8.5 Evzen Holas
All Replies (5)
Hi Evzen, many banks are tightening up their connection requirements, and you are running a very old version of Firefox that doesn't have the latest ciphers built-in.
The following page shows the bank has very strict connection requirements:
- TLS 1.2 only (not 1.0 or 1.1)
- One of these two ciphers:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
https://www.ssllabs.com/ssltest/analyze.html?d=www.vermontfederal.org
Apparently Firefox 48 can't do that. Have you tried Safari?
Enter about:config in the URL bar and check values of security.tls.version.min and security.tls.version.max. Try to set security.tls.version.max = 3.
Modified
In current Firefox, you also would want the following enabled. I don't know whether it exists in Firefox 48:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
(2) In the search box above the list, type or paste gcm and pause while the list is filtered
(3) If the security.ssl3.ecdhe_rsa_aes_256_gcm_sha384 preference is bolded and "modified" or "user set" to false, double-click it to restore the default value of true
If it's missing completely, well, there's yer trouble.
To my helpers I can't use safari, I would have to update system software, which I do not want to do. (because thenewer once suck) My security.tls.version.max. is by default set to 3 And security.ssl3.ecdhe_rsa_aes_256_gcm_sha384, I do not have there, I have security.ssl3.ecdhe_rsa_aes_128_gcm_sha256
Thank you for trying. Is there any hope. It just happened out of nowhere, I was fine with this for years and other websites , like Pay Pal etc work
Since Firefox 48 cannot connect directly -- it doesn't have either of the required ciphers -- you would need to connect indirectly through a proxy. The proxy would accept your lower security connection, and would make a higher security connection with the target website.
Common proxies include security programs that intercept and filter your web connection, but I don't know if they will work in this situation. You could test one out, just be aware that you may need to restart your system or use an option in the software to set up Firefox to trust it (proxies generate fake website certificates). This help article lists some of the common ones: How to troubleshoot security error codes on secure websites.