Why can't I connect to this desjardins.com site?
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
Why can't I connect to this desjardins.com site?
The problem seem to be with SHA1 and NOT with SHA2 256
If I connect with MSIE I see SHA256 but only SHA128 with Palemoon (commander addon installed)
Why ?
If I connect with MSIE I see SHA256 but only SHA128 with Palemoon (commander addon installed)
Why ?
Re: Why can't I connect to this HTTPS site?
The same site?
SHA128 doesn't exist. Also, SHA is a hash algo, not a cipher. Your post makes absolutely no sense.
SHA128 doesn't exist. Also, SHA is a hash algo, not a cipher. Your post makes absolutely no sense.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Why can't I connect to this HTTPS site?
I don't know. may be. But connect to accesd.desjardins.com and check yourself more informations and security you will see rc4 128 bits
connect with MSIE you will see SHA256RSA
the explanation from computer bank guy (in french need to translate)
-------------------------------------
Pour faire suite à la réception de votre courriel, nous supposons, selon le
contenu de votre message, que ceci est en lien avec SHA1 (un algorithme utilisé
dans SSL). Les acteurs de l'industrie se sont entendus pour mettre fin à son
utilisation en 2017. Desjardins a récemment commencé la migration de ses
systèmes à SHA2.
L'impact de cette migration est qu'il est impératif de mettre à jour vos
navigateurs Internet afin d'utiliser leur version la plus récente. Autrement,
les navigateurs pourraient émettre des messages d'erreur de certificat ou vous
empêcher de vous connecter.
Notez que Firefox, Chrome, Safari et Internet Explorer supportent désormais la
nouvelle version de SHA.
Par ailleurs, il est possible que certains navigateurs, même à jour, fassent
toujours allusion à une encryption RC4_128 avec SHA1. Toutefois, si vous
consultez l'onglet « Détails » des informations relatives au certificat, vous
devriez voir SHA256 qui vous confirmera que la communication est en SHA2.
connect with MSIE you will see SHA256RSA
the explanation from computer bank guy (in french need to translate)
-------------------------------------
Pour faire suite à la réception de votre courriel, nous supposons, selon le
contenu de votre message, que ceci est en lien avec SHA1 (un algorithme utilisé
dans SSL). Les acteurs de l'industrie se sont entendus pour mettre fin à son
utilisation en 2017. Desjardins a récemment commencé la migration de ses
systèmes à SHA2.
L'impact de cette migration est qu'il est impératif de mettre à jour vos
navigateurs Internet afin d'utiliser leur version la plus récente. Autrement,
les navigateurs pourraient émettre des messages d'erreur de certificat ou vous
empêcher de vous connecter.
Notez que Firefox, Chrome, Safari et Internet Explorer supportent désormais la
nouvelle version de SHA.
Par ailleurs, il est possible que certains navigateurs, même à jour, fassent
toujours allusion à une encryption RC4_128 avec SHA1. Toutefois, si vous
consultez l'onglet « Détails » des informations relatives au certificat, vous
devriez voir SHA256 qui vous confirmera que la communication est en SHA2.
Re: Why can't I connect to this desjardins.com site?
Split off because it's completely unrelated for a different site.
"SHA256RSA" is a certificate signing algorithm and has nothing to do with the ciphers.
I checked the site in ssllabs and the only thing they support is:
Cipher Suites (sorted by strength; the server has no preference)
TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128
This is the cipher it will negotiate with ANY browser.
They do not offer SHA256 ciphers (which one would expect from a TLS1.2 capable server that they use, e.g. supporting the AES128-SHA256 GCM ciphers)
This has nothing to do with the SHA algo of the certificate. So even though they updated their certificate when renewing it to use SHA2, as is recommended but which may not be supported by particularly old browsers or operating systems, their actual encryption is restricted to a single, weak, soon-prohibited RC4 cipher.
Please see: https://www.ssllabs.com/ssltest/analyze ... ardins.com
"SHA256RSA" is a certificate signing algorithm and has nothing to do with the ciphers.
I checked the site in ssllabs and the only thing they support is:
Cipher Suites (sorted by strength; the server has no preference)
TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128
This is the cipher it will negotiate with ANY browser.
They do not offer SHA256 ciphers (which one would expect from a TLS1.2 capable server that they use, e.g. supporting the AES128-SHA256 GCM ciphers)
This has nothing to do with the SHA algo of the certificate. So even though they updated their certificate when renewing it to use SHA2, as is recommended but which may not be supported by particularly old browsers or operating systems, their actual encryption is restricted to a single, weak, soon-prohibited RC4 cipher.
Please see: https://www.ssllabs.com/ssltest/analyze ... ardins.com
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Why can't I connect to this desjardins.com site?
You saw the bank guy answer... What can I do ?
Re: Why can't I connect to this desjardins.com site?
You can ask to talk to the manager. The bank guy obviously doesn't seem to have the required technical background to understand the problem is with the cipher and not with the certificate.
Feel free to forward them to this thread as well as the ssllabs report. Feel free to quote my analysis in my previous post to them (translated or not).
Feel free to forward them to this thread as well as the ssllabs report. Feel free to quote my analysis in my previous post to them (translated or not).
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Why can't I connect to this desjardins.com site?
Translated.
In response to receiving your email, we assume, as
content of your message, this is in line with SHA1 (an algorithm used
in SSL). The industry players have agreed to end its
use in 2017. Desjardins recently began migrating its
SHA2 systems.
The impact of this migration is that it is imperative to update your
Internet browsers to use their most recent version. Otherwise,
browsers could issue certificate error messages, or you
help login.
Note that Firefox, Chrome, Safari and Internet Explorer now support
new version of SHA.
Furthermore, it is possible that some browsers, even to date, do
always referring to a RC4_128 encryption with SHA1. However, if you
see the tab "Details" information about the certificate, you
should see SHA256 confirming that communication is SHA2.
Re: Why can't I connect to this desjardins.com site?
Thanks bonesz, but as already stated, the message from the bank is N/A for this problem. Pale Moon has no problem using SHA2 certificates.
Pale Moon using: https://www.ssllabs.com/ssltest/viewMyClient.html
Signature algorithms SHA256/RSA, SHA384/RSA, SHA1/RSA, SHA256/ECDSA, SHA384/ECDSA, SHA1/ECDSA, SHA256/DSA, SHA1/DSA
And yes it even supports SHA384.
Pale Moon using: https://www.ssllabs.com/ssltest/viewMyClient.html
Signature algorithms SHA256/RSA, SHA384/RSA, SHA1/RSA, SHA256/ECDSA, SHA384/ECDSA, SHA1/ECDSA, SHA256/DSA, SHA1/DSA
And yes it even supports SHA384.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Why can't I connect to this desjardins.com site?
Thanks. I did what you say and I'm waiting for the bank answer...
I saw this morning PAYPAL have same RC4 crap if I leave RC4 SHA selected on Palemoon commander... (but still can't connect to my bank)
I saw this morning PAYPAL have same RC4 crap if I leave RC4 SHA selected on Palemoon commander... (but still can't connect to my bank)
Re: Why can't I connect to this desjardins.com site?
Paypal should use much stronger encryption when available. They may still include it for compatibility, but I'm pretty sure they will use AES when offered.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Why can't I connect to this desjardins.com site?
Yes Paypal use AES256 but you see if I leave palemoon commander Sha RC4 selected, Paypal use by default RC4 cipher.. this is not normal...
Re: Why can't I connect to this desjardins.com site?
Let paypal know! They obviously have a totally wrong preferred cipher order on their servers.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Why can't I connect to this desjardins.com site?
Paypal know since last week now, but do N O T H I N G ...Moonchild wrote:Let paypal know! They obviously have a totally wrong preferred cipher order on their servers.
And the bank moron guy answer...(translated) :
This follows emails related RC4. A draft
major telecommunication is currently underway, which requires
several changes across multiple servers. Desjardins is currently
test mode to ensure the proper functioning of these changes and to ensure that
different browsers will respond well, allowing access to
our secure pages. These changes should be completed in the coming weeks.
Thank you for your vigilance.
Please accept our best regards
=
Re: Why can't I connect to this desjardins.com site?
Using : Palemoon 25.3.1 (x86)
For some strange reason, I get this message (below) when I try using their AccèsD services with *Palemoon*, but not with Firefox.
Considering this is a matter regarding a 'financial website'... this is seriously problematic for Palemoon, I must say.
Translation to English :
« Failed Secure Connection
An error has occurred during a accesd.desjardins.com connection. Unable to communicate securely with peer: no common encryption algorithm. (Error code: ssl_error_no_cypher_overlap)
The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem. You can also use the command in the help menu to report this broken site. »
For some strange reason, I get this message (below) when I try using their AccèsD services with *Palemoon*, but not with Firefox.
Considering this is a matter regarding a 'financial website'... this is seriously problematic for Palemoon, I must say.
Translation to English :
« Failed Secure Connection
An error has occurred during a accesd.desjardins.com connection. Unable to communicate securely with peer: no common encryption algorithm. (Error code: ssl_error_no_cypher_overlap)
The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem. You can also use the command in the help menu to report this broken site. »
- trava90
- Contributing developer
- Posts: 1742
- Joined: 2013-05-20, 18:19
- Location: Somewhere in Sector 001
Re: Why can't I connect to this desjardins.com site?
Please read the FAQ, specifically point 2.
Re: Why can't I connect to this desjardins.com site?
Looks like the site owners got around to fixing their security.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite