can't connect to secure sites after update 37.0
After Update 37, I can not connect to my bank secure site! I get this: Secure Connection Failed I was able to connect easily Before the version 37 update
所有回复 (17)
More info I am trying to connect to my known secure internet bank site I was fine until update 37.0 Now I get: Secure Connection Failed
The connection to ***************was interrupted while the page was loading. ( site blanked out for security )
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
Are you getting the error page that has a section you can expand called "Technical Details"? It would be helpful to see the contents of that section.
During your update, did you by any chance use Firefox's Refresh feature? This could happen if Firefox reports it is slow and offers a button to refresh/restore default settings. An Old Firefox Data folder then would appear on your desktop. Do you see anything like that?
jscher2000 said
Are you getting the error page that has a section you can expand called "Technical Details"? It would be helpful to see the contents of that section.
During your update, did you by any chance use Firefox's Refresh feature? This could happen if Firefox reports it is slow and offers a button to refresh/restore default settings. An Old Firefox Data folder then would appear on your desktop. Do you see anything like that?
Yes, I did try the refresh to correct the issue, but this did not help, it stays the same, my bank says they know of it from other customers, If I log in thru IE, it works just fine.
Oh, I see, the problem existed before the Refresh. So the option of restoring some of your old settings files wouldn't be helpful.
Each release of Firefox is tightening up different requirements for security certificates, so if your bank is aware of this, they presumably will get an updated certificate to address it. If they need assistance understanding the issue, they can reach out on this forum.
I presume the bank will address this, but when is a good question. Meanwhile, I can enter the site with IE8 w/out a problem. Funny thing is: I have always used Firefox to easily enter the bank site until 37.0 Weird! Something definitely changed!
Can you post a link?
Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:
- chrome://pippki/content/exceptionDialog.xul
In the location field type/paste the URL of the website
- retrieve the certificate via the "Get certificate" button
- inspect the certificate via the "View..." button
Nothing has worked. Tried every suggestion. There must be a workaround or something?
There isn't a workaround for everything. Some defects with security certificate or web server configurations do not have an override.
I updated to 37.01, same issue. Then I installed/upgraded to 38.0 BETA same issue with my bank. this IS a Firefox issue. My bank site worked just fine Before 37.0. And, I can still log on using IE8 I really like Firefox, I hope this problem gets resolved ASAP
If someone posts the URL to the bank, it would be easier to figure out why Firefox doesn't like the certificate.
jscher2000 said
If someone posts the URL to the bank, it would be easier to figure out why Firefox doesn't like the certificate.
https://www.bankoffincastle.com/Default.asp
OK, if you can get past the login to iBank @ Home w/out getting this:
Secure Connection Failed
The connection to web10.secureinternetbank.com was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem
Let Me know if you solve it.
Edited based on information provided by cor-el in a later post:
Thanks. I know the reason, but I don't have a workaround. The reason is that the server ONLY supports an RC4 cipher for secure connections, and Firefox 36 and later refuse to consider RC4 secure. In Firefox 36, you would get a warning -- the padlock replaced with a gray triangle with an exclamation point -- but Firefox 37 won't connect at all.
The server does not support TLS 1.2 or TLS 1.1, only TLS 1.0. It also ONLY supports an RC4 cipher for secure connections, and Firefox 36 and later refuse to consider RC4 secure (and display a warning triangle instead of a padlock in the address bar).
You can see this restricted configuration using a test site (link broken for posting, but you can select it and right-click > Open Link in New Tab):
https://www.ssllabs.com/ssltest/analyze.html?d=web10.secureinternetbank.com
(Screen shot of the relevant portion of the page attached.)
Due to a change in Firefox 37, you may not be able to connect to sites that do not support TLS 1.2. Firefox unfortunately doesn't explain this. The Page Info dialog says the site "does not support encryption", but what is left out is "that Firefox thinks is acceptable." (Screen shot attached.)
By comparison, Chrome shows a green padlock, and only by clicking into a rather obscure panel can you see the RC4 problem. (Screen shot attached.) That screen shot also indicates that Chrome connects using TLS 1.0.
Both of these approaches are somewhat misleading and hopefully the UI designers will find a suitable way to explain the situation. That said, I'm not sure they will want to provide a workaround to trust bad ciphers since large institutions generally can update their web server configurations pretty quickly.
There is a workaround for sites that only support TLS 1.0, which is to add the site's host name to an exception list, which you can access through about:config. See: https://support.mozilla.org/questions/1055237#answer-714208
由jscher2000 - Support Volunteer于
Thanks, I'll let The Bank know and see if they'll change their site to work with the new Firefox
If you really want to then you can lower the security and allow to fallback to TLS 1.0
- security.tls.version.fallback-limit = 1
Be aware of the security risks involved with changing this and reset the pref when you are done with this website.
You can open the about:config page via the location/address bar. You can accept the warning and click "I'll be careful" to continue.
cor-el is always (at least) one step ahead of me.
Fortunately (?), you can make site-specific exceptions for servers that do not yet support TLS 1.2. Here's how:
(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those. In this case: web10.secureinternetbank.com
(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(3) In the search box above the list, type or paste tls and pause while the list is filtered
(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.
When you reload that site, Firefox should disregard the fact that it is using TLS 1.0, but still alert you to the RC4 issue by displaying the warning triangle instead of a padlock.
Thanks! This works for now. Now I can use Firefox to log on You guys helped a lot! Thanks Again! :)