SSL_ERROR_NO_CYPHER_OVERLAP when accessing router web interface
An error occurred during a connection to 192.168.1.179. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Upgraded from FF 45 to FF55.2.3 ESR and lost connection to all our routers, access points and hardware.
On FF45 had warning of insecure connection, but had advanced tab to add exception - then everything worked fine.
On FF55 there is no option to do this. Have cehcked forums etc. and tried all the security.tls etc options but same error message - of interest using the IETab plug in and using that rendering engine it connects after a warning but not in standard firefox.
Profile is the same as previous versions - all our pcs use the same profile and a FF45 still works fine on SAME profile.
These are ALL local IP and never over internet! (The IP is local https://192.168.1.179/start.htm) and they are all Netgear products with no firmware upgrades available.
Please how can I ensure that access to our equipment is continued without reverting to an older version?
Modified
Chosen solution
Since you use Windows you could use the portable Firefox 45.8.0esr from https://sourceforge.net/projects/portableapps/files/Mozilla%20Firefox%2C%20Portable%20Ed./Mozilla%20Firefox%20ESR%2C%20Portable%20Edition%2045.8.0/
This can be run on hard drive or usb flash drive even and is self contained as it will not touch your Firefox 52 ESR install or Profile.
You can use this old vulnerable Firefox 45.8.0esr just for to access your old Netgear WG102 that came out in 2006.
Read this answer in context 👍 0All Replies (7)
Well, it is only a workaround, but I would keep a browser just for this task. I assume the routers are using SSLv3 or older, and you can't enable this in modern Firefox versions – and for good reason, SSLv3 is completely broken.
Or if you can disable SSL on the routers, then you can access them through HTTP, and then you don't need an older browser.
Thanks, but with all netgear products can't change their internal settings. I don't "care" about security as they are on internal on a secure network with no outside access......There is even no way to determine (apart from cracking the OS) what security they are using.....so need to disable totally
John
Do you know what connection settings Firefox 45 was using? See "Tools -> Page Info -> Security" or the Security tab in the Network Monitor
Sorry for delay in reply.
Do not have a Firefox 45 installation at the moment as upgraded all of them to work with the same profile on our server.
Strange, but some of our Netgear boxes work BUT I HAVE PREVIOUSLY given the OK on the old advanced page, but not this one.
Have search about:config and security for the exceptions, but can not find them. Identifable by fixed IP so if anyone knows the location of where these exceptions to securit yare stored, I can add one!
You can find the Certificates section at the bottom of the "Privacy & Security" page or use the search bar (certificate). You can find a button to add an exception on the Servers tab.
- Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Servers
Or alternatively use the chrome URI in the location/address bar:
- chrome://pippki/content/exceptionDialog.xul
Many thanks
this one is "doing my head in" and I have a feeling it is to do with the profile I am using which is very old.
These are Netgear WG102 access points and 4 of them had the option to add exception but the 5th doesn't and they are all on he same firmware etc.
This entry in about:config SHOULD make all the same security.tls.insecure_fallback_hosts;192.168.1.175,192.168.1.176,192.168.1.179, 192.168.1.177, 192.168.1.178 but the .179 doesn't!
Checked certificates and there is a Netgear one showing as valid. Other TLS settings appear correct.
your second option retuns nothing when the address is input......weird.
Will give up now as not too critical - opens in IETab fine.
One day might rebuild the profile from scratch when a few hours to spend, but not now - too busy with work work! Plus trying to get a EE (UK) Femocell to work!
Thanks again - if find an answer, will post it
John Watachet, Somerset, UK
Chosen Solution
Since you use Windows you could use the portable Firefox 45.8.0esr from https://sourceforge.net/projects/portableapps/files/Mozilla%20Firefox%2C%20Portable%20Ed./Mozilla%20Firefox%20ESR%2C%20Portable%20Edition%2045.8.0/
This can be run on hard drive or usb flash drive even and is self contained as it will not touch your Firefox 52 ESR install or Profile.
You can use this old vulnerable Firefox 45.8.0esr just for to access your old Netgear WG102 that came out in 2006.