User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080901033305 Minefield/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080901033305 Minefield/3.0

Secure Connection Failed

An error occurred during a connection to 22.214.171.124.

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

* Please contact the web site owners to inform them of this problem

Reproducible: Always

Steps to Reproduce:
1. Enter URL
2. Press enter

Actual Results:
An error that prohibits blocks getting into the PIX.

Expected Results:
I expect an ssl error, but to include a method to add an exception or some other type of bypass. IE allows this bypass.

Include a method to add an exception or some other type of bypass. IE allows this bypass.
Assignee: nobody → kaie
Component: Security → Security: UI
Product: Firefox → Core
QA Contact: firefox → ui
This is an unusual one - the error seems to indicate that the site you are visiting uses an unknown encryption protocol. There's no way to "work around" that - we can't understand what the server's trying to communicate - but I am curious to know what the protocol involved actually is. The only way to actually solve the problem would be to implement that protocol, but I can't get the site to load at the moment.
I can provide the running config if that would help. Here's the show version.

Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

pixfirewall up 63 days 0 hours

Hardware: PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz
Flash E28F640J3 @ 0x300, 8MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 001b.d405.ef26, irq 10
1: ethernet1: address is 001b.d405.ef27, irq 11

Licensed Features:
Failover:                    Disabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Disabled
Maximum Physical Interfaces: 2
Maximum Interfaces:          4
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                Unlimited
Throughput:                  Unlimited
IKE peers:                   Unlimited

This PIX has a Restricted (R) license.
Thanks for that - what would really help would be if you could attach the certificate. Is that accessible to you?
Mass change owner of unconfirmed "Core:Security UI/PSM/SMime" bugs to nobody. Search for kaie-20100607-unconfirmed-nobody
Assignee: kaie → nobody
Maybe the server fixed it on their end (picking a mutually compatible cipher), but since we can't seem to reach/debug that server we can't see the list of advertized ciphers. I'm not 100% sure how to interpret comment 2, but looks like only DES is supported by the server? That's horribly insecure. Mozilla turned off support for all the weak "export" ciphers several years after being allowed to ship the stronger ones world-wide. Although I'm not sure that's the relevant list since Mozilla clients aren't VPNs and a different set of ciphers may be running on the web-server on the same machine.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard
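
The cipher-overlap failure discussed in this thread, as an added example that is not part of the original bug report or of any Mozilla or Cisco code: it parses the cipher_suites vector from a ClientHello and applies server-preference selection. The DES-only server list follows the last comment's guess and is an assumption; both client lists and the helper names are constructed for illustration.

```python
import struct

# IANA TLS cipher-suite IDs; DES40/DES are 40- and 56-bit, long considered broken.
SUITES = {
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
HANDSHAKE_FAILURE = 40  # TLS alert description sent when no suite is acceptable

def build_client_hello(suites):
    """Constructed ClientHello handshake message (TLS 1.0, no extensions)."""
    body = b"\x03\x01" + bytes(32) + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body

def offered_suites(hello):
    """Extract the cipher_suites vector from a ClientHello handshake message."""
    if len(hello) < 4 or hello[0] != 1:
        raise ValueError("not a ClientHello")
    body = hello[4:]
    if len(body) != int.from_bytes(hello[1:4], "big") or len(body) < 35:
        raise ValueError("truncated ClientHello")
    pos = 34 + 1 + body[34]  # skip version, random, session id
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, n, 2)]

def negotiate(hello, server_suites):
    """Pick the first server-preferred suite the client offered, else alert."""
    offered = set(offered_suites(hello))
    for suite in server_suites:
        if suite in offered:
            return ("selected", SUITES.get(suite, hex(suite)))
    return ("alert", HANDSHAKE_FAILURE)

# Constructed inputs: a DES-only server (an assumption taken from the thread's
# guess) and a client that has dropped single-DES and export suites.
DES_ONLY_SERVER = [0x0009, 0x0008]
STRICT_CLIENT = build_client_hello([0x0035, 0x002F, 0x000A])
LEGACY_CLIENT = build_client_hello([0x002F, 0x0009])
```

With these inputs the strict client gets a handshake_failure alert because the two lists share no suite, while the legacy client connects only by settling on 56-bit DES, which is why a browser-side exception cannot make such a connection safe.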