Since some people run into issues with secure servers in 25.0.2 and later, this FAQ entry answers three important issues where Pale Moon's security settings prevent a connection to a website from being established. To see what applies to you, please check the specific error on the connection failure screen. Also, before sending us a support request about a problem covered by this FAQ, take a moment to do what the error screen says: contact the website owners and inform them of the problem. Secure connection errors are almost always something the server operators have to solve, not an issue in the browser.
- Connections to secure servers (https) that might have worked prior to 25.0.2 may stop working in 25.0.2 and later.
You may get errors like "Connection interrupted while the page was loading" or "ssl_error_bad_mac_read" and similar.
This is caused by 25.0.2 disabling the SSL 3.0 protocol for secure connections.
- Connections to secure servers that might have worked prior to 25.3 may stop working in 25.3 and later.
You are getting an error indicating "ssl_error_no_cypher_overlap" or "Connection interrupted while the page was loading".
This is caused by 25.3 disabling the RC4 encryption ciphers for secure connections.
- Connections to secure servers that might have worked prior to 25.5 may stop working in 25.5 and later.
You are getting an error indicating "ssl_error_weak_server_ephemeral_dh_key".
This is caused by 25.5 no longer accepting export-grade DH keys and fixing the Logjam vulnerability.
- Connections to secure servers that might have worked prior to 26.4.1 may stop working in 26.4.1 and later.
You are getting an error indicating "ssl_error_no_cypher_overlap" or "Connection interrupted while the page was loading".
This is caused by 26.4.1 disabling the 3DES encryption ciphers for secure connections.
For point 1: SSL 3.0
Why was SSL 3.0 disabled?
To be brief: because it is no longer secure and can be abused for Man-in-the-Middle attacks.
By its popular acronym it's known as POODLE, and you can find information about it on the web:
- Article about POODLE on Wikipedia
- Google announcement
- and many others (do a search)
Why is this a problem on some servers?
Some https servers will no longer work for Pale Moon as a result of disabling SSL 3.0.
This can happen in 2 situations, both of which need to be addressed by the server operators.
- The server only supports the SSL 3.0 protocol. This is pretty bad, but can happen with misconfigured or particularly old servers. TLS has been around for a long time, and should have been enabled a long time ago.
- The server does support TLS, but doesn't support TLS 1.2 and has secure renegotiation disabled.
Once again, not supporting TLS 1.2 means that the server software should be upgraded to a recent version (any modern version of web server software will support TLS 1.2 and its more secure ciphers).
The other problem, the lack of secure renegotiation, is something that is likely left over from the SSL/TLS gap a long time ago, where, for a time, it was recommended to disable this as a temporary workaround while software was updated. It seems that server operators have never disabled this workaround that is, at most, a crutch and not a solution for a now no longer applicable problem. See, e.g.: https://community.qualys.com/blogs/securitylabs/2010/10/06/disabling-ssl-renegotiation-is-a-crutch-not-a-fix
This fails because Pale Moon tries TLS 1.2 first and, if it cannot renegotiate a different TLS protocol in a secure way, discards the TLS protocol as a valid option. Previously it would then fall back to SSL 3.0; with SSL 3.0 now disabled, there are no methods left to create a secure connection.
If you absolutely have to connect to a server that will only negotiate SSL 3.0 or doesn't support secure renegotiation for TLS, you can re-enable SSL 3.0 in Pale Moon. Please try to work out the issue with the operator of the server you are connecting to, and disable SSL 3.0 again the moment you no longer need it, to keep yourself safe from POODLE:
Option 1: use Pale Moon Commander
- Install the Pale Moon Commander extension
- After restart, go to Pale Moon button -> Options -> Advanced options... (In the classic menu: Tools -> Advanced options...)
- Go to Security, SSL, and set "Lowest supported protocol" to "SSL 3.0"
Option 2: use about:config
- In the address bar, type about:config and press enter
- In the preferences list, find security.tls.version.min
- Double-click this value to edit it, and enter 0 as the new value
For point 2: RC4
Why was RC4 disabled?
RC4 is a stream cipher that has had known weaknesses for over a decade. Thus far, it's been secure enough for most purposes because of lack of practical exploits of those weaknesses, and for a time it was a temporary workaround for some attacks against block ciphers (which may have prompted server operators to explicitly only support RC4). These block cipher issues have long since been resolved (Apple, the last one to mitigate BEAST, did so in October 2013), so there is no reason to not use AES and similar block ciphers again, especially if you use the stronger GCM ciphers as offered by TLS 1.2. This relative safety of RC4 is no longer the case, though, and it should be considered obsolete.
With the emergence of RFC 7465, Cloudflare disabling RC4 permanently on all of its (millions of) SSL websites, and there being whispers in academic circles of a different, much easier attack on RC4 to break its encryption, it was time to switch off RC4 in Pale Moon 25.3.
As a result, servers that are still using the (just as obsolete) workaround for the past block cipher issues and restricting connections solely to RC4 will cause connection issues in Pale Moon now.
You should immediately contact the server operators and inform them of this issue. All main, current browsers will drop support for RC4 in early 2016.
I absolutely MUST connect to this broken secure server RIGHT NOW. Help?!
If you absolutely have to connect to a server that will only use RC4, you can re-enable RC4 ciphers in Pale Moon. Please try to work out the issue with the operator of the server you are connecting to, and disable RC4 again the moment you no longer need it, to keep yourself safe from decryption exploits:
Option 1: use Pale Moon Commander
- Install the Pale Moon Commander extension
- After restart, go to Pale Moon button -> Options -> Advanced options... (In the classic menu: Tools -> Advanced options...)
- Go to Security, Ciphers1, and check the box alongside "RSA-RC4-SHA" (and if that doesn't help, also try "RSA-RC4-MD5" which is even weaker)
- IMPORTANT for Pale Moon 27.2 and later: You must also allow unrestricted fallback to weak ciphers for the site: find security.tls.insecure_fallback_hosts and double-click it, then add the hostname of the site you want to connect to (e.g. www.insecurebank.com) to that preference. You can add multiple sites if needed, separated by a comma (e.g. www.insecurebank.com,www.anotherbadsite.com)
Option 2: use about:config
- In the address bar, type about:config and press enter
- In the preferences list, find security.ssl3.rsa_rc4_128_sha
- Double-click this value to set it to true
- Repeat if needed for security.ssl3.rsa_rc4_128_md5
- IMPORTANT for Pale Moon 27.2 and later: You must also allow unrestricted fallback to weak ciphers for the site: find security.tls.insecure_fallback_hosts and double-click it, then add the hostname of the site you want to connect to (e.g. www.insecurebank.com) to that preference. You can add multiple sites if needed, separated by a comma (e.g. www.insecurebank.com,www.anotherbadsite.com)
For point 3: Weak DH keys
Why are these keys disabled?
They were disabled to mitigate the Logjam attack against the TLS protocol. The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, and attacks a Diffie-Hellman (DH) key exchange. Through this attack, anyone with the proper position and gear can snoop on your secure connections (and retroactively decrypt them) in as little as 90 seconds from when you first make the connection. Any DH keys shorter than 1024 bits are therefore rejected (as an absolute minimum) in Pale Moon 25.5 and later.
More (and very detailed) information at https://weakdh.org
If you run into connection errors with this issue, it means that the server you connect to:
- Offers and potentially prefers the DHE key exchange, AND
- Uses a (static) DH key that is shorter than 1024 bits
Since key sizes cannot be determined before an encryption method is agreed upon, the only way to deal with it is to refuse the connection on the browser side if it is unacceptably weak; as a result, Pale Moon refuses to let you communicate in an unsafe way and closes the connection.
I absolutely MUST connect to this broken secure server RIGHT NOW. Help?!
If you absolutely have to connect to a server that has this combination of settings, you can disable DHE cipher suites in Pale Moon, forcing the server to use a different cipher suite that is not vulnerable. The drawback of this is that potentially good encryption elsewhere is also disabled (because DHE is a good key exchange method, as long as the keys are sufficiently strong) and may fall back to something weaker - so it is recommended to re-enable these cipher suites once the problem with the server has been solved by the server operators:
Option 1: use Pale Moon Commander
- Install the Pale Moon Commander extension
- After restart, go to Pale Moon button -> Options -> Advanced options... (In the classic menu: Tools -> Advanced options...)
- Go to Security, Ciphers1, and clear the boxes alongside all "DHE-DSS" and "DHE-RSA" cipher suites (the entire left column)
Option 2: use about:config
- In the address bar, type about:config and press enter
- In the preferences list, find all preferences that start with security.ssl3.dhe_
- Double-click these values until all of them are set to "false"
For point 4: 3DES
Why was 3DES (Triple-DES) disabled?
3DES is a block cipher that has been marked as potentially weak for some time. Thus far, it's been secure enough for most purposes because of lack of practical exploits of those weaknesses, but with the advent of the so-called "SWEET32" attack that exploits its relatively small block size, attacks against it have become feasible, putting it in a similar position to RC4 as far as vulnerability is concerned.
You should immediately contact the server operators and inform them of this issue. If their only available cipher is 3DES, then something is considerably misconfigured or very old server software is in use.
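For server operators, the four causes covered in this FAQ can be checked against a saved `openssl s_client` transcript of their own server. The following is an added example, not part of the original FAQ or of Pale Moon's code; the function name `diagnose` and the sample transcripts are constructed here, and it reports only what a single handshake negotiated.

```python
import re

MIN_DH_BITS = 1024  # FAQ: Pale Moon 25.5+ rejects DH keys below this size

def diagnose(s_client_output):
    """Return {faq_point: reason} for one `openssl s_client` transcript."""
    def grab(pattern):
        m = re.search(pattern, s_client_output, re.M)
        return m.group(1) if m else None

    proto = grab(r"^\s*Protocol\s*:\s*(\S+)")
    cipher = grab(r"^\s*Cipher\s*:\s*(\S+)") or ""
    dh_bits = grab(r"^Server Temp Key: DH, (\d+) bits")  # ECDH lines do not match
    no_secure_reneg = "Secure Renegotiation IS NOT supported" in s_client_output

    findings = {}
    if proto == "SSLv3":
        findings[1] = "only SSL 3.0 was negotiated"
    elif proto in ("TLSv1", "TLSv1.1") and no_secure_reneg:
        findings[1] = f"{proto} without TLS 1.2 and without secure renegotiation"
    if "RC4" in cipher:
        findings[2] = f"server selected RC4 suite {cipher}"
    if dh_bits is not None and int(dh_bits) < MIN_DH_BITS:
        findings[3] = f"ephemeral DH key is {dh_bits} bits (< {MIN_DH_BITS})"
    if "DES-CBC3" in cipher:  # OpenSSL's name for 3DES suites
        findings[4] = f"server selected 3DES suite {cipher}"
    return findings

# Constructed transcripts, trimmed to the lines the parser reads.
LEGACY = """\
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
"""
WEAK_DH = """\
Server Temp Key: DH, 512 bits
Secure Renegotiation IS supported
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES128-SHA
"""
MODERN = """\
Server Temp Key: ECDH, P-256, 256 bits
Secure Renegotiation IS supported
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
"""

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY), ("weak-dh", WEAK_DH), ("modern", MODERN)):
        print(name, diagnose(sample) or "no FAQ issue detected")
```

A server that selects RC4 or 3DES from a full client offer may still accept a stronger suite, so treat points 2 and 4 as a prompt to review the server's cipher list rather than proof that only that cipher is available.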
I absolutely MUST connect to this broken secure server RIGHT NOW. Help?!
If you absolutely have to connect to a server that will only use 3DES, you can re-enable the ciphers in Pale Moon. Please try to work out the issue with the operator of the server you are connecting to, and disable 3DES again the moment you no longer need it, to keep yourself safe from decryption exploits:
Option 1: use Pale Moon Commander
- Install the Pale Moon Commander extension
- After restart, go to Pale Moon button -> Options -> Advanced options... (In the classic menu: Tools -> Advanced options...)
- Go to Security, Ciphers1/2, and check the box alongside "RSA-DES-EDE3-SHA", "ECDHE-RSA-DES-EDE3-SHA" and "ECDHE-ECDSA-DES-EDE3-SHA"
- IMPORTANT for Pale Moon 27.2 and later: You must also allow unrestricted fallback to weak ciphers for the site: find security.tls.insecure_fallback_hosts and double-click it, then add the hostname of the site you want to connect to (e.g. www.insecurebank.com) to that preference. You can add multiple sites if needed, separated by a comma (e.g. www.insecurebank.com,www.anotherbadsite.com)
Option 2: use about:config
- In the address bar, type about:config and press enter
- In the preferences list, find security.ssl3.ecdh_ecdsa_des_ede3_sha
- Double-click this value to set it to true
- Repeat for security.ssl3.ecdhe_rsa_des_ede3_sha and security.ssl3.rsa_des_ede3_sha
- IMPORTANT for Pale Moon 27.2 and later: You must also allow unrestricted fallback to weak ciphers for the site: find security.tls.insecure_fallback_hosts and double-click it, then add the hostname of the site you want to connect to (e.g. www.insecurebank.com) to that preference. You can add multiple sites if needed, separated by a comma (e.g. www.insecurebank.com,www.anotherbadsite.com)