Error code: SSL_ERROR_NO_CYPHER_OVERLAP Topic is solved
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
I am trying to access the NJDMV site to renew my registration. I keep getting this error (https://emvc.state.nj.us/mvc/emvc_vehrr.shtml)
I have read the FAQ topic on this (viewtopic.php?f=24&t=6262). I have been trying to make the suggested changes to Cypher's 1/2, as mentioned in the FAQ, but nothing works.
I have tried to contact them but got no answer.
I get this error in both PM 28.4.1 and the latest Basilisk.
I understand that the error may be on their end, but is there anything I can do in PM Commander?
Thanks for your help.
Scott
I have read the FAQ topic on this (viewtopic.php?f=24&t=6262). I have been trying to make the suggested changes to Cypher's 1/2, as mentioned in the FAQ, but nothing works.
I have tried to contact them but got no answer.
I get this error in both PM 28.4.1 and the latest Basilisk.
I understand that the error may be on their end, but is there anything I can do in PM Commander?
Thanks for your help.
Scott
Re: Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The site only supports 3DES and RC4 ciphers. Both of those are marked weak and need specific overrides as outlined in the FAQ.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Ok, I got it to work in PM by adding the url to "security.tls.insecure_fallback_hosts". That seems to work, but this change does not work in Basilisk.
Still trying...
Scott
Still trying...
Scott
Re: Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Ok, I think it works in Basilisk now.
I changed the value in "security.ssl3.rsa_rc4_128_md5" to true. It seems to work now.
Scott
I changed the value in "security.ssl3.rsa_rc4_128_md5" to true. It seems to work now.
Scott
Re: Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Please contact them and let them know their server needs to be looked at.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Enabling insecure cyphers is NOT "working now". Please do as instructed above.
Re: Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Your goal is to protect the user and at the same time to enforce protection.New Tobin Paradigm wrote:Enabling insecure cyphers is NOT "working now". Please do as instructed above.
Most probable effect - the user will open such sites with another browser.
Re: Error code: SSL_ERROR_NO_CYPHER_OVERLAP
I'll do you a favor and remove all safety rails from bridges so you can fall off. After all, it's your choice to kill yourself. Right?gepus wrote:Your goal is to protect the user and at the same time to enforce protection.New Tobin Paradigm wrote:Enabling insecure cyphers is NOT "working now". Please do as instructed above.
Most probable effect - the user will open such sites with another browser.
But in all seriousness: enabling known insecure ciphers to access any website should be a temporary exception only. If you prefer to throw all caution to the wind and you don't care that you think your connection is secure while it is not, then indeed, your choice should be clear: stop using Pale Moon. Its balanced and common-sense security profile clearly doesn't match what you expect from a web browser and you should instead choose one that will connect to sites at all costs, throwing your security and privacy to the wind.
So, make a choice, gepus: either switch browser (and get out of our hair) or stop trying to accuse our community of enforcing something that is in the user's best interest.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Error code: SSL_ERROR_NO_CYPHER_OVERLAP
I didn't ask you for any favor. You might reread my post.Moonchild wrote:I'll do you a favor and remove all safety rails from bridges so you can fall off. After all, it's your choice to kill yourself. Right?
There is no visible option for a temporary exception in the above case.Moonchild wrote: But in all seriousness: enabling known insecure ciphers to access any website should be a temporary exception only.
Don't get me wrong, I couldn't care less. My remark was considered to be a hint (accusation???) regarding the consequences.
Don't worry, there won't be any other hints in future so you can keep your hair clean.Moonchild wrote: So, make a choice, gepus: either switch browser (and get out of our hair) or stop trying to accuse our community of enforcing something that is in the user's best interest.
Re: Error code: SSL_ERROR_NO_CYPHER_OVERLAP
There are cases when you need to use unsafe ciphers and unsafe plugins(java) that have nothing to do accessing a public website..
For example I'm able to get into an HP ILO3 session on an older server with Firefox but not with Pale Moon even if I use Pale Moon Commander to drop all ciphers down to exactly the same as the firefox connection (TLS1.1 RSA_WITH_3DES_EDE_CBC_SHA).
Of course with current firefox versions I hit the no java wall unless I install an old ESR version.
It would be nice to have some sort of expert toggle, or exception by IP/FQHN, on pale moon so that I can stop dragging around a Windows 7 VM.
Just a feature request for what could be an awesome web browser for sys admins..
Randy
For example I'm able to get into an HP ILO3 session on an older server with Firefox but not with Pale Moon even if I use Pale Moon Commander to drop all ciphers down to exactly the same as the firefox connection (TLS1.1 RSA_WITH_3DES_EDE_CBC_SHA).
Of course with current firefox versions I hit the no java wall unless I install an old ESR version.
It would be nice to have some sort of expert toggle, or exception by IP/FQHN, on pale moon so that I can stop dragging around a Windows 7 VM.
Just a feature request for what could be an awesome web browser for sys admins..
Randy
Re: Error code: SSL_ERROR_NO_CYPHER_OVERLAP
If you read the instructions in the relevant FAQ carefully, you will see that this is exactly the way Pale Moon works: 3DES is considered a weak cypher and will need an entry in the "fallback hosts" preference to allow it to be used.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite