搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

FIrefox incorrectly reporting pages as insecure

  • 11 个回答
  • 21 人有此问题
  • 1 次查看
  • 最后回复者为 philipp

more options

Several sites are blocked for me in spite of being well known reputable (i think!) sites.

Santander Personal Banking and Daybreak games are examples. Take daybreakgames. URL is:

https://auth.daybreakgames.com/login?service=https%3A%2F%2Fwww.daybreakgames.com%2Fj_spring_cas_security_check&theme=dgc&locale=en_US

I get the following message:

<<< The connection to auth.daybreakgames.com was interrupted while the page was loading.

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

>>>

If I click the (i) icon in the address bar to see site certificate info I see 'connection is not secure' Your connection to this server is not private.

Yes it is, it's HTTPS

I open the same site in Chrome (speak of the devil!) and it reports a valid certifificate, the connection is secure TLS (doesn't specify version) and that all resources on the server are served securely.

So who's right? I'm pretty damn sure a mid sized organisation like daybreakgames and a large bank like Santander are in fact secured by https

Any hints to kick firefox into some kind of sense appreciated.

Cheers

S

Several sites are blocked for me in spite of being well known reputable (i think!) sites. Santander Personal Banking and Daybreak games are examples. Take daybreakgames. URL is: https://auth.daybreakgames.com/login?service=https%3A%2F%2Fwww.daybreakgames.com%2Fj_spring_cas_security_check&theme=dgc&locale=en_US I get the following message: <<< The connection to auth.daybreakgames.com was interrupted while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. >>> If I click the (i) icon in the address bar to see site certificate info I see 'connection is not secure' Your connection to this server is not private. Yes it is, it's HTTPS I open the same site in Chrome (speak of the devil!) and it reports a valid certifificate, the connection is secure TLS (doesn't specify version) and that all resources on the server are served securely. So who's right? I'm pretty damn sure a mid sized organisation like daybreakgames and a large bank like Santander are in fact secured by https Any hints to kick firefox into some kind of sense appreciated. Cheers S

被采纳的解决方案

Hi Cor-el

Thanks for helping.

I've mostly fixed this, a long time ago I had changed security.tls.version.max to 1, this was a long time ago and when I logged in to Firefox it obviously had kept this setting.

This fixed the daybreakgames site. But there's still an issue with Santander, but now the link to accept the lower security works.

If I click on the (i) icon in the address bar it says that santander uses 'weak encryption'. So I guess this means Santander is at fault? I'm very surprised.

I will mark this as completed, thanks everyone for your time.

定位到答案原位置 👍 3

所有回复 (11)

more options

There is security software like Avast and Kaspersky and BitDefender and ESET that intercept secure connections and send their own certificate.

http://www.ehow.com/how_11385212_troubleshoot-reset-connection-firefox.html

https://support.mozilla.org/en-US/kb/server-not-found-connection-problem

https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

http://kb.mozillazine.org/Error_loading_websites

This Connection is Untrusted is sometimes caused because the computer system clock is wrong. Check the time / date / time zone settings.

more options

Hi Fred

Many thanks for taking the time to reply.

The time/date settings are correct (NZ) and I'm just using the default Windows 10 security. This machine was very recently re-installed so it's almost a vanilla FF installation. I had this problem with Santander before the clean install as well.

more options

Check your security software.

more options

About all you can do is disable the default W10 defender which I have tried, also adding and removing a firefox exclusion

Have tried running FF in safe mode

Ensured it's not trying to connect via proxy

Cleared cache

IE11 and Chrome both connect without issue

Deleted cert8.db

由Simbosan于修改

more options

hi, can you give us the following information about the issue with santander?:

  • what is the error code shown when you click on advanced on that error page?
  • please also give us more information about the error by clicking on the error code, copying the text to the clipboard and then pasting it here into a reply in the forum.

thank you!

more options

Hi Phillip

Thanks for responding:

The error page is different for Santander, but the info from the address bar icon is the same:

Page <<< Your connection is not secure

The owner of retail.santander.co.uk has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites

retail.santander.co.uk uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. Advanced info: SSL_ERROR_NO_CYPHER_OVERLAP (Not secure) Try loading retail.santander.co.uk using outdated security

>>>

Icon <<< retail.santander.co.uk Your connection is not secure >

> Your connection to this site is not private, information you submit could be viewed by others.... >>>

I've tried deleting the cert8.db to refresh the certificate cache, still not working

Cheers

S

more options

If you can't inspect the certificate via Advanced (I Understand the Risks) then try this:

Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field of this window type or paste the URL of the website with the https:// protocol prefix (https://retail.santander.co.uk/).

  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer

You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then please attach a screenshot that shows the Certificate Viewer with the issuer.

more options

选择的解决方案

Hi Cor-el

Thanks for helping.

I've mostly fixed this, a long time ago I had changed security.tls.version.max to 1, this was a long time ago and when I logged in to Firefox it obviously had kept this setting.

This fixed the daybreakgames site. But there's still an issue with Santander, but now the link to accept the lower security works.

If I click on the (i) icon in the address bar it says that santander uses 'weak encryption'. So I guess this means Santander is at fault? I'm very surprised.

I will mark this as completed, thanks everyone for your time.

more options

There is no problem with the retail.santander.co.uk server.

Did you check the issuer?

  • Entrust Certification Authority - L1M
more options

Hi Cor-el, not sure what you mean by check the issuer.

I reset all firefox settings to default (excluding some normal config items) and now Santander seems fine.

I must have set that TSL setting a looong ago, can't remember why, and because I use Firefox sync it's followed me around forever.

Storing settings online muddies the water sometimes, never quite sure if you have a 'fresh' installation.

Thanks again for your help

more options

please try this & see if it makes a difference on santander: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for all custom preferences (=shown in bold) starting with security. & reset them to their default value by right-clicking them.