Secure Connection Failed - ssl_error_no_cypher_overlap error page should provide more detail

RESOLVED WONTFIX

Status

Core Graveyard
Security: UI
--
enhancement
RESOLVED WONTFIX
3 years ago
2 years ago

People

(Reporter: Bitt Faulk, Unassigned)

Tracking

38 Branch

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150513174244

Steps to reproduce:

Open an https site that has no cypher overlap with Firefox. (Sorry; I don't have a publicly available available site.) View the error page.


Actual results:

The error page shows:

Secure Connection Failed

An error occurred during a connection to bad-cypher-host.example.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.


Expected results:

The error page should provide a way to determine what cyphers the server offers.

Comment 1

3 years ago
workaround
(In reply to Bitt Faulk from comment #0)
> The error page should provide a way to determine what cyphers the server
> offers.

You can use the SSL Labs service for this.
https://www.ssllabs.com/ssltest/
Severity: normal → enhancement
Component: Untriaged → Security: UI
OS: Unspecified → All
Product: Firefox → Core
Hardware: Unspecified → All
Summary: ssl_error_no_cypher_overlap error page should provide more detail → Secure Connection Failed - ssl_error_no_cypher_overlap error page should provide more detail
Also getting for a popular Toronto retail store and seeing lots of errors about ssl_error_no_cypher_overlap posted to Twitter. https://baybloorradio.com/

Comment 3

3 years ago
(In reply to Ryan Feeley from comment #2)
> Also getting for a popular Toronto retail store and seeing lots of errors
> about ssl_error_no_cypher_overlap posted to Twitter.
> https://baybloorradio.com/

I filed Bug 1173661 for this.
(It would be appreciated if you could file similar bugs if you encounter more (popular) RC4 only sites, Thanks!)
Improvements to the neterror page have been made recently that might help with this (e.g. if your cipher suite preferences aren't set to the defaults, Firefox will offer to reset them and see if that helps). In general, determining what cipher suites the server supports requires trying every single cipher suite, and this is not something we're going to implement in Firefox.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
(Assignee)

Updated

2 years ago
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.