User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release)
Build ID: 20140127194636
Steps to reproduce: see bug 950858 comment 21
When I access a certain intranet HTTPS site with FF 27.0 on Windows 7 64bit, I get:
Secure Connection Failed
An error occurred during a connection to server:8443. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
Using FF 26 crashes (bug 950858), while FF 25 (and older) works. The site uses SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA and requires a client login.
Is the server using a certificate with a key that is 2048 bits or more? If not, it is likely that we're going to stop working with this site due to the small key. What cipher suite are other browsers choosing?
Component: Untriaged → Security: PSM
Product: Firefox → Core
Status: UNCONFIRMED → NEW
Ever confirmed: true
Chrome says: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Opera suggests: 168 bit 3-DES (DHE_DSS/SHA), but then when I approve the certificate it gives:
Secure connection: fatal error (40) from server. https://server_name:8443/path/ Failed to connect to server. The reason may be that the encryption methods supported by the server are not enabled in the security preferences. Please note that some encryption methods are no longer supported, and that access will not be possible until the website has been upgraded to use strong encryption.
Firefox 25 uses SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA (112 bit keys).
The server key is DSA 1024 bits.
I am getting this error too. https://www.citibank.com/us/citibusinessonline/
Secure Connection Failed
An error occurred during a connection to www.citibank.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
I have not yet talked to their support.
Same here https://fancyssl.hboeck.de/
Also happening when visiting BMO with security.tls.version.min set to 3.
Coming from bug "sec_error_invalid_key", which turned into "mozilla_pkix_error_inadequate_key_size" ( https://bugzilla.mozilla.org/show_bug.cgi?id=1084606 ): today, after a beta update to FF34.0b3, I get the "ssl_error_no_cypher_overlap".
Changing the too generic summary.
Summary: ssl_error_no_cypher_overlap on a site → Firefox 26+ no longer supports TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Brian, do you think we need to add TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA back? (I don't.)
Everybody that came here due to a ssl_error_no_cypher_overlap error that isn't about the TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA cipher suite: please file a new bug. If you already filed a separate bug and it was marked as a duplicate of this bug, reopen the original bug or ask (you can email@example.com) for it to be reopened.
No, I don't think we should add back TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA. Some Googlers have told me they've removed all DSS support from BoringSSL which means Chrome won't support it either.
Marking this INVALID, which is a too-harsh way of saying "works as intended".
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID
(In reply to Brian Smith (:briansmith, :bsmith, use NEEDINFO?) from comment #11)
> Some Googlers have told me they've removed all DSS support from BoringSSL which
> means Chrome won't support it either.
Oh, good to know. Filed bug 1107787.
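Added example, not part of the bug thread and not Mozilla or NSS code: a diagnostic that parses the cipher suite list out of a ClientHello record and shows why a server limited to TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA ends in "no common encryption algorithm(s)" / fatal alert 40 once the client stops offering that suite. The code points are the IANA values; the two client suite lists and all function names are constructed for illustration and are not Firefox's real lists.

```python
# Added example: IANA cipher suite code points; client hellos below are constructed samples.
SUITES = {
    0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def build_client_hello(suites):
    """Build a minimal TLS ClientHello record (no extensions) for offline testing."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + len(cs).to_bytes(2, "big") + cs + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

def offered_suites(record):
    """Return the cipher suite code points a ClientHello record offers, in client order."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4 or body[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                      # skip client_version and random
    if len(hello) <= pos:
        raise ValueError("truncated ClientHello")
    pos += 1 + hello[pos]             # skip session_id
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    raw = hello[pos + 2:pos + 2 + cs_len]
    if cs_len == 0 or cs_len % 2 or len(raw) != cs_len:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]

def negotiate(record, server_suites):
    """Pick the first server-preferred suite the client offers.
    None means the server answers with fatal alert 40 (handshake_failure)."""
    offered = offered_suites(record)
    for suite in server_suites:
        if suite in offered:
            return SUITES.get(suite, hex(suite))
    return None

SERVER = [0x0013]                                          # DSA-only server, as in the report
OLD_CLIENT = build_client_hello([0xC02F, 0x0013, 0x000A])  # constructed: still offers DHE_DSS
NEW_CLIENT = build_client_hello([0xC02F, 0x0016, 0x000A])  # constructed: DHE_DSS dropped

if __name__ == "__main__":
    for name, hello in (("old", OLD_CLIENT), ("new", NEW_CLIENT)):
        print(name, negotiate(hello, SERVER) or "alert 40: no common cipher suite")
```

The same `offered_suites` function can be pointed at a ClientHello record exported from a packet capture to confirm whether a given browser build still offers the suite a legacy server depends on.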