Firefox ssl_error_no_cypher_overlap when loading release notes[Firefox security configuration issue]

m_w
m_w
Community Member
edited August 2015 in 1Password 4 for Windows

When starting 1Password today I was offered to download a new version; I clicked on the "More Info" to find out what's included in this new release; this opened my Firefox v39.0 but failed to load the page https://app-updates.agilebits.com/relnotes/OPW4/en/582/583; instead, I got this error message:

Secure Connection Failed

An error occurred during a connection to app-updates.agilebits.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

I've noticed with Firefox v38 that some other websites didn't work for similar errors; it seems Firefox is a lot more stringent when connecting to websites and v39 even more so.

Is there a setting in Firefox that I can adjust to overcome this check or can you update your server?

Cheers
M


1Password Version: 4.6.0.583
Extension Version: 4.4.1
OS Version: Windows 7
Sync Type: manual

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @m w: Hm. Well, I just tested this myself to be sure, and I didn't have any trouble loading our update site using Firefox 38 and 39 (after updating :lol:) on Windows 7. If you're getting this error, it may be a configuration problem with your certificate store, some settings you've changed, or Firefox may simply be damaged.

    Please try installing a fresh copy of Firefox, and also check your SSL/TLS settings. Do you have security software that may be performing a man-in-the-middle attack? I believe Avast and some others actually install their own certificates, which would prevent the validation from working correctly. Please let me know how it turns out!

  • m_w
    m_w
    Community Member

    Thanks brenty - been away for some time and so wasn't able to respond earlier. I checked my Firefox settings and found that

    • security.ssl3.dhe_rsa_aes_128_sha and
    • security.ssl3.dhe_rsa_aes_256_sha
      were set to false; I'm using Firefox on my work laptop and remembered that our network team had switched both of these off because there was some conflict with an internal web page.

    After a bit of playing with different combinations for these settings I found that I can leave the 128 setting false but have to switch the 256 setting back to true (default). That allows me now to access the 1Password release notes and also the internal site :)

    Cheers
    M

  • Hi @m w,

    Thank you for writing back to let us know what you found and what you needed to do to fix it. That will help other customers that might be in the same situation at work.

  • Mukharjee
    Mukharjee
    Community Member

    adding -keyalg RSA while generating self-signed key will solve this problem -- Mukharjee Pinapaka

  • That's interesting, thank you for letting us know @Mukharjee. We really appreciate it!

This discussion has been closed.