Amazon SSL login issue
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
Amazon SSL login issue
I've got a problem logging into my Amazon account (https) .
Running Pale Moon 24.7.1 for Linux, as found in the Tahrpup 6.0.2 distro.
I've enabled the ssl3 options as described in the warning post, as well as the security.tls.version.min value, which was already set to '0'.
The error displayed is:
"An error occurred during a connection to http://www.amazon.com.
The OCSP response is not yet valid (contains a date in the future).
(Error code: sec_error_ocsp_future_response)."
Is there a solution to this, so I don't have to revert to inferior browsers?
BTW, the progress bar is really nice for someone who has to use a 26.4 Kbps connection frequently.. . .
Thanks for any insight into this.
Running Pale Moon 24.7.1 for Linux, as found in the Tahrpup 6.0.2 distro.
I've enabled the ssl3 options as described in the warning post, as well as the security.tls.version.min value, which was already set to '0'.
The error displayed is:
"An error occurred during a connection to http://www.amazon.com.
The OCSP response is not yet valid (contains a date in the future).
(Error code: sec_error_ocsp_future_response)."
Is there a solution to this, so I don't have to revert to inferior browsers?
BTW, the progress bar is really nice for someone who has to use a 26.4 Kbps connection frequently.. . .
Thanks for any insight into this.
Re: Amazon SSL login issue
Please make sure your date, time and timezone are correct.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Amazon SSL login issue
Thank you.
I checked and the hardware and system clock/date are accurate, at least within two minutes.
Seamonkey and FF work on the links from within a few versions of Puppy (431, Slacko 5.7) and Chrome and FF under XP. I'll try rebooting tahrpup in case it is some system glitch.
Perhaps the firewall that came with this pup is doing it.
Here's where to verify the error. Go to Amazon.com as an unknown (new) person, then select 'login', and the error will follow shortly after it tries to negotiate the secure link. (repeated in/output activity occurs before the message). Gratis
I checked and the hardware and system clock/date are accurate, at least within two minutes.
Seamonkey and FF work on the links from within a few versions of Puppy (431, Slacko 5.7) and Chrome and FF under XP. I'll try rebooting tahrpup in case it is some system glitch.
Perhaps the firewall that came with this pup is doing it.
Here's where to verify the error. Go to Amazon.com as an unknown (new) person, then select 'login', and the error will follow shortly after it tries to negotiate the secure link. (repeated in/output activity occurs before the message). Gratis
Re: Amazon SSL login issue
Same error occurs here, when trying to edit my prefs from "User Control Panel".
PM reports:
"Secure Connection Failed
An error occurred during a connection to forum.palemoon.org. The OCSP response is not yet valid (contains a date in the future). (Error code: sec_error_ocsp_future_response)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site."
What could this be? My date and time at this moment is Saturday, 16 May, 2015 at 08:12 PST (GMT -8).
PM reports:
"Secure Connection Failed
An error occurred during a connection to forum.palemoon.org. The OCSP response is not yet valid (contains a date in the future). (Error code: sec_error_ocsp_future_response)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site."
What could this be? My date and time at this moment is Saturday, 16 May, 2015 at 08:12 PST (GMT -8).
Re: Amazon SSL login issue
Your date is wrong.The OCSP response is not yet valid (contains a date in the future)
Re: Amazon SSL login issue
I stand corrected: apparently this response is only for expired OCSP responses, not for those in the future.
Last edited by squarefractal on 2015-05-17, 07:17, edited 1 time in total.
Re: Amazon SSL login issue
No, you can't. Please don't suggest preferences unless you know what they are for.squarefractal wrote:As a temporary workaround, you can set security.ssl.allow_unsafe_ocsp_response to true from about:config.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Amazon SSL login issue
@L Bell
Did you check your time zone as well?
Did you check your time zone as well?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Amazon SSL login issue
You folks solved it. The clock was approximately 1 minute 30 seconds in the future.
I used the 'Time Server Synchroniser' in PupClockset, which put me a few milli-seconds behind real-time, and now the page loads like a charm. Thanks for hammering me on this, and permission granted to make fun of me, or erase this thread. Sorry for the waste of time, but perhaps someone else might experience this.
No more time traveling for me!
I used the 'Time Server Synchroniser' in PupClockset, which put me a few milli-seconds behind real-time, and now the page loads like a charm. Thanks for hammering me on this, and permission granted to make fun of me, or erase this thread. Sorry for the waste of time, but perhaps someone else might experience this.
No more time traveling for me!
Re: Amazon SSL login issue
Update:
Amazons' SSL pages, at least all I tried, load fine from Pale Moon with the config flags mentioned set to 'false'. Now I'm really embarrassed.
The flags are as follows, for reference.
In the tahrpup 6.0.2 distro, with P.M. version 24.7.1, these were default as 'true'. (I'm aware these were changed in the new version(s) due to the known security risks clearly posted)
security.ssl3.rsa_rc4_128_sha (I, 'user' set to false)
security.ssl3.rsa_rc4_128_md5 (I, 'user' set to false),
security.tls.version.min (was set to '0' as default) Is this correct, or should it be raised?
Also noticed a flag in the same range:
security.ssl3.rsa_fips_des_ede3_sha was user set to true. Is this correct and safe?
I'm guessing that the 'user' who made the tahrpup distro made these changes in the config, and when making the image, it was a snapshot with all tweaked settings he was using.
Any comments ? (more on this wonderful browser in a separate post, to stay on topic)
LB
Amazons' SSL pages, at least all I tried, load fine from Pale Moon with the config flags mentioned set to 'false'. Now I'm really embarrassed.
The flags are as follows, for reference.
In the tahrpup 6.0.2 distro, with P.M. version 24.7.1, these were default as 'true'. (I'm aware these were changed in the new version(s) due to the known security risks clearly posted)
security.ssl3.rsa_rc4_128_sha (I, 'user' set to false)
security.ssl3.rsa_rc4_128_md5 (I, 'user' set to false),
security.tls.version.min (was set to '0' as default) Is this correct, or should it be raised?
Also noticed a flag in the same range:
security.ssl3.rsa_fips_des_ede3_sha was user set to true. Is this correct and safe?
I'm guessing that the 'user' who made the tahrpup distro made these changes in the config, and when making the image, it was a snapshot with all tweaked settings he was using.
Any comments ? (more on this wonderful browser in a separate post, to stay on topic)
LB
Re: Amazon SSL login issue
In Pale Moon 24.7.1, the RC4 ciphers were still enabled by default. RC4 was only disabled in 25.3, and similarly, the minimum protocol version was only set to TLS1 (pref set to 1 instead of 0) in 25.0.2 -- These are not user changes of the person packaging the browser, these are the defaults in the older version.
3DES still offers sufficient security for normal use, even though the encryption is relatively weak (only 112-bits encryption effectively). There are no clearly exploitable vulnerabilities in 3DES and it can only be broken with brute force, which is currently not feasible. Rough estimates, if no specific vulnerabilities are found would put it in the "safe enough" zone until about 2030 (estimate of 2007 by NIST).L Bell wrote:security.ssl3.rsa_fips_des_ede3_sha was user set to true. Is this correct and safe?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Amazon SSL login issue
Thanks for helping it make sense.
Side note: Installed the Atom/XP version, and the default security settings work fine on the several places I visit that use SSL.
I'll post a question regarding running this version on a really old machine (2004 ASUS Salmon motherboard with only 1GB ram) after finishing other obligations.
Also was wondering if there is a .pet version for installing newer versions of PM within types of Puppy?
Side note: Installed the Atom/XP version, and the default security settings work fine on the several places I visit that use SSL.
I'll post a question regarding running this version on a really old machine (2004 ASUS Salmon motherboard with only 1GB ram) after finishing other obligations.
Also was wondering if there is a .pet version for installing newer versions of PM within types of Puppy?
- trava90
- Contributing developer
- Posts: 1742
- Joined: 2013-05-20, 18:19
- Location: Somewhere in Sector 001
Re: Amazon SSL login issue
Off-topic:
I believe there are, but not sure where or if they are up to date. You may check the Puppy Linux forum. You can also use our installer to install new versions as they become available.L Bell wrote:Also was wondering if there is a .pet version for installing newer versions of PM within types of Puppy?