Error code: SSL_ERROR_NO_CYPHER_OVERLAP Topic is solved

[f-117]

I am trying to access the NJDMV site to renew my registration. I keep getting this error (https://emvc.state.nj.us/mvc/emvc_vehrr.shtml)

I have read the FAQ topic on this (viewtopic.php?f=24&t=6262). I have been trying to make the suggested changes to Cypher's 1/2, as mentioned in the FAQ, but nothing works.

I have tried to contact them but got no answer.

I get this error in both PM 28.4.1 and the latest Basilisk.

I understand that the error may be on their end, but is there anything I can do in PM Commander?

Thanks for your help.

Scott

[Moonchild]

The site only supports 3DES and RC4 ciphers. Both of those are marked weak and need specific overrides as outlined in the FAQ.

[f-117]

Ok, I got it to work in PM by adding the url to "security.tls.insecure_fallback_hosts". That seems to work, but this change does not work in Basilisk.

Still trying...

Scott

[f-117]

Ok, I think it works in Basilisk now.

I changed the value in "security.ssl3.rsa_rc4_128_md5" to true. It seems to work now.

Scott

[Moonchild]

Please contact them and let them know their server needs to be looked at.

[New Tobin Paradigm]

Enabling insecure cyphers is NOT "working now". Please do as instructed above.

[gepus]

Enabling insecure cyphers is NOT "working now". Please do as instructed above.

Your goal is to protect the user and at the same time to enforce protection.
Most probable effect - the user will open such sites with another browser.

[Moonchild]

Enabling insecure cyphers is NOT "working now". Please do as instructed above.

Your goal is to protect the user and at the same time to enforce protection.
Most probable effect - the user will open such sites with another browser.

I'll do you a favor and remove all safety rails from bridges so you can fall off. After all, it's your choice to kill yourself. Right?

But in all seriousness: enabling known insecure ciphers to access any website should be a temporary exception only. If you prefer to throw all caution to the wind and you don't care that you think your connection is secure while it is not, then indeed, your choice should be clear: stop using Pale Moon. Its balanced and common-sense security profile clearly doesn't match what you expect from a web browser and you should instead choose one that will connect to sites at all costs, throwing your security and privacy to the wind.

So, make a choice, gepus: either switch browser (and get out of our hair) or stop trying to accuse our community of enforcing something that is in the user's best interest.

[gepus]

I'll do you a favor and remove all safety rails from bridges so you can fall off. After all, it's your choice to kill yourself. Right?

I didn't ask you for any favor. You might reread my post.

But in all seriousness: enabling known insecure ciphers to access any website should be a temporary exception only.

There is no visible option for a temporary exception in the above case.

Don't get me wrong, I couldn't care less. My remark was considered to be a hint (accusation???) regarding the consequences.

So, make a choice, gepus: either switch browser (and get out of our hair) or stop trying to accuse our community of enforcing something that is in the user's best interest.

Don't worry, there won't be any other hints in future so you can keep your hair clean.

[rmbowie]

There are cases when you need to use unsafe ciphers and unsafe plugins(java) that have nothing to do accessing a public website..

For example I'm able to get into an HP ILO3 session on an older server with Firefox but not with Pale Moon even if I use Pale Moon Commander to drop all ciphers down to exactly the same as the firefox connection (TLS1.1 RSA_WITH_3DES_EDE_CBC_SHA).

Of course with current firefox versions I hit the no java wall unless I install an old ESR version.

It would be nice to have some sort of expert toggle, or exception by IP/FQHN, on pale moon so that I can stop dragging around a Windows 7 VM.

Just a feature request for what could be an awesome web browser for sys admins..

Randy

[Moonchild]

If you read the instructions in the relevant FAQ carefully, you will see that this is exactly the way Pale Moon works: 3DES is considered a weak cypher and will need an entry in the "fallback hosts" preference to allow it to be used.