firefox said dont trust this website and l clicked ok, want to undo that?
Firefox kept saying that l should not trust this website and today when l opened the browser l clicked on "Dont trust" by mistake. Now l can't connect to the site and can't reverse my decision.
I need this site w to do my work, please assist
Isisombulu esikhethiweyo
Well, I get that, too, but I wasn't surprised because the error message —
SSL peer was unable to negotiate an acceptable set of security parameters. Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT
— indicates that the site requires you to have installed/imported a particular certificate in Firefox as a personal certificate in order to use the site. Does that sound familiar?
Importing into Firefox is a separate step from importing into IE. Can your IT provide instructions?
Funda le mpendulo kwimeko leyo 👍 1All Replies (14)
I am not too sure what you saw and what you clicked on. I can not think of a standard message that you would click on and then get blocked from looking at a website.
Using the Firefox Refresh option may well solve the issue.
Note that will remove Firefox extensions you have added.
did that and still face same problem, have attached pics
The picture on the left would appear if the page is using an HTTPS address, and Firefox and the server do not agree on a "cipher" for encrypting data. I'll give you some steps to investigate that in a second.
I don't know what causes the picture on the right to appear. Is that an HTTP address or an HTTPS address? Can you provide a link to that page?
Could you check your Firefox settings to make sure you are allowing enough types of connections.
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste TLS and pause while the list is filtered
(3) If you have any non-default settings (typically bolded and having a status of "user set"), you can make a note of the values in case they turn out to be important for some other reason, then right-click > Reset each prefer to its default value.
If you have any locked preferences (typically italicized), you may have an external lock file modifying your Firefox configuration.
(4) In the search box above the list, type or paste security.ss and pause while the list is filtered
(3) If you have any non-default settings (typically bolded and having a status of "user set"), you can make a note of the values in case they turn out to be important for some other reason, then right-click > Reset each prefer to its default value.
It's okay to set these to false (this works around any servers that have not yet been fixed for the Logjam vulnerability):
- security.ssl3.dhe_rsa_aes_128_sha => false
- security.ssl3.dhe_rsa_aes_256_sha => false
Again, if you have any locked preferences (typically italicized), you may have an external lock file modifying your Firefox configuration.
Did you change anything and did that make any difference?
This is not a Firefox problem. There is everything wrong with how that server in the first screenshot is set up to make secure connections. In particular:
(1) The certificate cannot be linked to a trusted issuer. Firefox and Windows each come with a set of trusted issuer certificates, and browsers will trust a website's certificate if it is signed by a trusted authority. The link is missing in this case.
(2) The site uses only RC4 ciphers. No modern browsers accept RC4 ciphers as secure.
Those and additional problems are outlined here: https://www.ssllabs.com/ssltest/analyze.html?d=www.unibase.info
Now yes, you can force Firefox to connect with this site by changing a setting and setting Firefox to trust the untrustworthy certificate if there's no chance of correcting the server configuration. Does your employer understand that data cannot be exchanged securely with the server? The data being transmitted is not sensitive and if it were to be intercepted that wouldn't be a problem?
Sorry, I was able to figure out the site from one of the screenshots and posted this comment about it: https://support.mozilla.org/questions/1137912#answer-915735
yes they understand, please advise how to force firefox to trust. Thank you
bhekib said
yes they understand, please advise how to force firefox to trust.
(0) Select and copy the host name of the insecure server:
www.unibase.info
(1) In a new tab, type about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type TLS and pause while the list is filtered
(3) Double-click the security.tls.insecure_fallback_hosts preference and either:
(A) If the value is currently blank: paste the insecure host name and click OK
(B) If the value is not currently blank: add a comma at the end, then paste the additional insecure host name after the comma and click OK
(4) Reload the insecure page bypassing the cache (Ctrl+Shift+r) and you should get a different error page that has an Advanced button
(5) Click the Advanced button to gain access to the Add Exception button to set your Firefox to trust the insecure server
hi
I did and this is what l got in return again. see attached pic
Isisombululo esiKhethiweyo
Well, I get that, too, but I wasn't surprised because the error message —
SSL peer was unable to negotiate an acceptable set of security parameters. Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT
— indicates that the site requires you to have installed/imported a particular certificate in Firefox as a personal certificate in order to use the site. Does that sound familiar?
Importing into Firefox is a separate step from importing into IE. Can your IT provide instructions?
Its resolved. thanks. Just one more thing see attached as this is how l ended up in this dillema in the first place
FYI, clicking "Don't Trust This Website" removes the website hostname from the security.tls.insecure_fallback_hosts config option. So to reverse it, add the hostname back there. The steps to do that are described in this post (click "said" to view the entire message):
jscher2000 said
(0) Select and copy the host name of the insecure server:
Ilungisiwe
I already did that and this is what l get in return. See attached, there is a do not trust pop up that doesn't go away and keeps popping up in every new page l work on in that website
If you are annoyed by that yellow bar, you could hide it using a custom style rule:
/* Hide "Firefox recommends that you don’t enter your password..." bar */ notification[value="weak-crypto"]{ display: none !important; }
Custom style rules can be applied to Firefox's interface using either the Stylish extension or a userChrome.css file. Stylish is easier, so let me describe that option.
(A) Install the Stylish extension from the Mozilla Add-ons site: https://addons.mozilla.org/firefox/addon/stylish/
(B) Before Stylish is activated, you'll need to restart Firefox (Firefox should display a link for that purpose)
(C) Create a new blank rule using the Stylish "S" icon on the toolbar -- click the icon > Write new style > Blank Style
If the icon does not appear, you can create a new blank rule from the Add-ons page. Either:
- Ctrl+Shift+a (Mac: Command+Shift+a)
- "3-bar" menu button (or Tools menu) > Add-ons
In the left column, click User styles, then above the (empty) list, click the Write New Style button.
(D) Firefox should open a new tab for editing, with the cursor in a large area to the right of a 1. Paste in the rule from earlier in this reply.
In another tab, load the page from the site that doesn't care about security and see that the yellow infobar is displayed.
Switch back to your new rule and click the Preview button to apply the rule. Then switch over to the insecure page and the bar should be invisible.
Does it work?
(E) Assuming it works the way you want, click in the space above the code (next to Name:) and type in a name like Hide Weak Crypto Warning Bar and click the Save button. You can close this tab now.