Closed
Bug 453241
Opened 16 years ago
Closed 13 years ago
ssl error in FF3 w/no bypass, IE also errors, but allows me to bypass
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: schwit, Unassigned)
References
()
Details
Attachments
(1 file)
766 bytes,
application/octet-stream
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080901033305 Minefield/3.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080901033305 Minefield/3.0 Secure Connection Failed An error occurred during a connection to 71.168.8.102. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap) The page you are trying to view can not be shown because the authenticity of the received data could not be verified. * Please contact the web site owners to inform them of this problem Reproducible: Always Steps to Reproduce: 1.Enter URL 2.Press enter Actual Results: An error that prohibits blocks getting into the PIX. Expected Results: I expect an ssl error, but to include a method to add an exception or some other type of bypass. IE allows this bypass. Include a method to add an exception or some other type of bypass. IE allows this bypass.
Updated•16 years ago
|
Assignee: nobody → kaie
Component: Security → Security: UI
Product: Firefox → Core
QA Contact: firefox → ui
Comment 1•16 years ago
|
||
This is an unusual one - the error seems to indicate that the site you are visiting uses an unknown encryption protocol. There's no way to "work around" that - we can't understand what the server's trying to communicate - but I am curious to know what the protocol involved actually is. The only way to actually solve the problem would be to implement that protocol, but I can't get the site to load at the moment.
I can provide the running config if that would help. Here's the show version. Cisco PIX Firewall Version 6.3(5) Cisco PIX Device Manager Version 3.0(4) Compiled on Thu 04-Aug-05 21:40 by morlee pixfirewall up 63 days 0 hours Hardware: PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz Flash E28F640J3 @ 0x300, 8MB BIOS Flash AM29F400B @ 0xfffd8000, 32KB 0: ethernet0: address is 001b.d405.ef26, irq 10 1: ethernet1: address is 001b.d405.ef27, irq 11 Licensed Features: Failover: Disabled VPN-DES: Enabled VPN-3DES-AES: Disabled Maximum Physical Interfaces: 2 Maximum Interfaces: 4 Cut-through Proxy: Enabled Guards: Enabled URL-filtering: Enabled Inside Hosts: Unlimited Throughput: Unlimited IKE peers: Unlimited This PIX has a Restricted (R) license.
Comment 3•16 years ago
|
||
Thanks for that - what would really help would be if you could attach the certificate. Is that accessible to you?
Comment 5•14 years ago
|
||
Mass change owner of unconfirmed "Core:Security UI/PSM/SMime" bugs to nobody. Search for kaie-20100607-unconfirmed-nobody
Assignee: kaie → nobody
Comment 6•13 years ago
|
||
Maybe the server fixed it on their end (picking a mutually compatible cipher), but since we can't seem to reach/debug that server we can't see the list of advertized ciphers. I'm not 100% sure how to interpret comment 2, but looks like only DES is supported by the server? That's horribly insecure. Mozilla turned off support for all the weak "export" ciphers several years after being allowed to ship the stronger ones world-wide. Although I'm not sure that's the relevant list since Mozilla clients aren't VPNs and a different set of ciphers may be running on the web-server on the same machine.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE
Assignee | ||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•