Users and developers helping users with generic and technical Pale Moon issues on all operating systems.
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
-
moonbat
- Knows the dark side
- Posts: 4980
- Joined: 2015-12-09, 15:45
-
Contact:
Unread post
by moonbat » 2018-08-18, 08:53
Tried Gmail and the main Google page, what I get is
An error occurred during a connection to mail.google.com.
security library failure.
(Error code: SEC_ERROR_LIBRARY_FAILURE)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Is there a workaround - maybe changing SSL/TLS or allowed ciphers in the advanced settings?
Update: Set security.tls.version.max=3 in about:config, or if you have the Palemoon Commander addon, go to
Tools->Advanced preferences->Security->SSL tab and set
Highest supported protocol to
TLS 1.2.
Last edited by
moonbat on 2018-08-18, 09:57, edited 1 time in total.
-
Moonchild
- Pale Moon guru
- Posts: 35597
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
-
Contact:
Unread post
by Moonchild » 2018-08-18, 09:04
"Library failure" is a fault I have not seen before -- it suggests something is very wrong with NSS. Potentially something interfered with your update (antivirus perhaps) leaving old libraries in place.
I suggest trying to reinstall the browser.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
moonbat
- Knows the dark side
- Posts: 4980
- Joined: 2015-12-09, 15:45
-
Contact:
Unread post
by moonbat » 2018-08-18, 09:11
Uninstalled, reinstalled, same problem.
Edit: Happens with Facebook as well.
Edit 2:The sites work in safe mode. Both Google and Facebook show encryption information as AES-GCM, 128 bits and TLS 1.3. The other https sites that work, including this one, all use TLS 1.2. So could be a problem with TLS 1.3, unless someone can point to another TLS 1.3 site that works.
Last edited by
moonbat on 2018-08-18, 09:36, edited 2 times in total.
-
Moonchild
- Pale Moon guru
- Posts: 35597
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
-
Contact:
Unread post
by Moonchild » 2018-08-18, 09:23
Okay, you may have something interfering with your secure connections (probably TLS 1.3 not being understood by whatever is interfering).
Two things to try:
1. preferred: check and disable any https filtering that might be going on in your firewall, antivirus, or whatnot.
2. limit TLS to v1.2 in the browser by setting security.tls.version.max to "3"
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
moonbat
- Knows the dark side
- Posts: 4980
- Joined: 2015-12-09, 15:45
-
Contact:
Unread post
by moonbat » 2018-08-18, 09:40
Moonchild wrote:Okay, you may have something interfering with your secure connections (probably TLS 1.3 not being understood by whatever is interfering).
2. limit TLS to v1.2 in the browser by setting security.tls.version.max to "3"
Thanks, that fixed it. Was able to set it using the advanced preferences addon instead of going to about-config, since it's all the same. So is this a regression with PM 28's TLS support?
-
Moonchild
- Pale Moon guru
- Posts: 35597
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
-
Contact:
Unread post
by Moonchild » 2018-08-18, 10:24
No, it's not a regression.
TLS 1.3 is still not completely finalized so interop issues may occur.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
New Tobin Paradigm
Unread post
by New Tobin Paradigm » 2018-08-18, 10:50
Hopefully, they are done changing the specification so that a future update will resolve the TLS 1.3 issues.
-
Moonchild
- Pale Moon guru
- Posts: 35597
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
-
Contact:
Unread post
by Moonchild » 2018-08-18, 11:02
As an aside I have no problems using TLS 1.3 on either Google or Facebook with Pale Moon 28.0.0, so I do think it must be something specific to your setup, software running on your system, router or O.S. that interferes.
-
Attachments
-
Last edited by
Moonchild on 2018-08-18, 11:03, edited 1 time in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
moonbat
- Knows the dark side
- Posts: 4980
- Joined: 2015-12-09, 15:45
-
Contact:
Unread post
by moonbat » 2018-08-18, 12:57
Your screenshot looks like Windows 7, judging from the title bar. I'm on Windows 10 x64, so could be something there.
-
Goodydino
- Keeps coming back
- Posts: 827
- Joined: 2017-10-10, 21:20
Unread post
by Goodydino » 2018-08-18, 20:16
Can the browser not fall back to TLS 1.2 if there are problems with 1.3?
-
Moonchild
- Pale Moon guru
- Posts: 35597
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
-
Contact:
Unread post
by Moonchild » 2018-08-19, 09:57
Goodydino wrote:Can the browser not fall back to TLS 1.2 if there are problems with 1.3?
It can and it does, but not all problems are recoverable.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
moonbat
- Knows the dark side
- Posts: 4980
- Joined: 2015-12-09, 15:45
-
Contact:
Unread post
by moonbat » 2018-08-26, 06:40
Observation - I have a much older desktop, a Core 2 Duo with 2 GB RAM running 32-bit Windows 10 - and yesterday I booted it up after ages and upgraded PM to 28. This problem wasn't there with TLS max version set to 1.3, Google and Facebook loaded normally.
-
tenseys
Unread post
by tenseys » 2018-08-26, 14:28
I'm on Windows 10, and i don't have any problems with any sites.