Trying to distinguish if my host company's explanation for PR_END_OF_FILE_ERROR uses sound security logic or if it's a sloppy shortcut
I have paid to host my website on a particular server. The only time I ever have trouble with it is when I log into the panel to manage my website's files. Firefox won't open it and gives me a PR_END_OF_FILE_ERROR. My security software calls it "infected." Upon investigation, I discovered that I did not recognize the name of the entity to which the security certificate was issued. I asked my hosting company's tech support about it. They said that "the SSL certificate which deploys to a particular instance is 'self-signed' by default; such SSL certificates will prevent eavesdropping by encrypting traffic, but since they lack what is known as a 'certificate authority bundle', this warning is expected behavior."
I just learned that a PR_END_OF_FILE_ERROR means that Firefox tried to use their entire designated list of possible security protocols to load the page and was not able to use any of them. Either my host company's protocol is out-of-date or it does not happen to use one of the protocols that Firefox uses.
That causes me to wonder: is my host company's security logic sound, or are they trying to use a shortcut and save money, somehow?
However, my biggest immediate problem is that my hosting company's tech support assumed that I would be able to click on the "Advanced" button and then load the page anyway. Instead, Firefox's "problem loading page" instance is one that does not have the option to disregard it. I am stuck and I am very suspicious that it is to my benefit that I am forced to question my hosting company's security logic.
所有回覆 (4)
You can try to disable DNS over HTTPS.
- https://support.mozilla.org/en-US/kb/firefox-dns-over-https
- https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs
Are you using a proxy or VPN?
You can check the connection settings.
- Settings -> General -> Network: Connection -> Settings
If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.
See "Firefox connection settings":
- https://support.mozilla.org/en-US/kb/websites-dont-load-troubleshoot-and-fix-errors
- https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
- https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
See also:
You might have another tool for this, but a test page like the following can pull information on the protocols/ciphers in use on the server and flag browser-specific issues for numerous versions:
https://www.ssllabs.com/ssltest/
Setting aside the invalid certificate issue, does it appear that their test versions of Firefox can connect?
Thank you, both, but before I disable DNS or try to otherwise work around this "expected behavior," is it actually in my interest to do so? Is my hosting company doing something that is in my interest?
It certainly would be better if the certificate was formally issued. I don't understand, in the age of free SSL (which may in fact be included with your account), why they are using a self-signed certificate for any of their sites.