Closed Bug 1109859 Opened 5 years ago Closed 5 years ago

Firefox incorrectly assumes ssl_error_no_cypher_overlap is due to SSLv3

Categories

(Firefox :: Untriaged, defect)

34 Branch
x86_64
Linux
defect
Not set

RESOLVED DUPLICATE of bug 1113780

People

(Reporter: ross, Unassigned)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0 Iceweasel/34.0
Build ID: 20141203163643

Steps to reproduce:

I get an ssl_error_no_cypher_overlap when connecting to a TLS 1.2 server on our private intranet.

Firefox says this is due to the server running SSLv3, but it is wrong. This is due to Firefox not supporting SHA384:

$ openssl s_client -connect server:443
...
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384

According to https://bugzilla.mozilla.org/show_bug.cgi?id=1084554 this is by design - so an accurate message would be nice.


Actual results:

Unable to Connect Securely

Firefox cannot guarantee the safety of your data on server because it uses SSLv3, a broken security protocol.
Advanced info: ssl_error_no_cypher_overlap


Expected results:

A more informative error message - something warning me that the server only supports ciphers that Firefox does not support.

Bug 1098371 should fix the wrong message problem.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1098371
Duplicate of bug: 1113780
Duplicate of this bug: 1123967