ssl_error_rx_malformed_server_hello

Users and developers helping users with generic and technical Pale Moon issues on all operating systems.

Moderator: trava90

Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
User avatar
Navigator
Moon lover
Moon lover
Posts: 99
Joined: 2023-02-24, 17:53

ssl_error_rx_malformed_server_hello

Unread post by Navigator » 2023-03-23, 15:13

After upgrading to 32.1.0 I cannot connect to my network router. I used to get a certificate warning error which I could bypass but now there is no provision for that I can see.
Secure Connection Failed

SSL received a malformed Server Hello handshake message.

(Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Operating system: Linux Mint 21.1 Cinnamon
Browser version: 32.1.0
32-bit or 64-bit browser?: 64-bit
Problem URL: local
Browser theme (if not default):
Installed add-ons: list below
Installed plugins: (about:plugins): none

If possible, please include the output of help->troubleshooting information (as text):
Application Basics
------------------

Name: Pale Moon
Version: 32.1.0 (64-bit)
Build ID: 20230318200342
Update Channel: release
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Goanna/6.1 Firefox/102.0 PaleMoon/32.1.0
OS: Linux 5.15.0-67-generic
Safe Mode: false

Extensions
----------

Name: BIZARRE
Version: 32.1
Enabled: true
ID: {2CBD61D2-B553-57C0-B615-9244208C419E}

Name: Block Content
Version: 0.3
Enabled: true
ID: blockcont@mdsy

Name: Change Referer Button
Version: 0.5
Enabled: true
ID: {8eb2e77d-73aa-4620-a9dd-9ddae0602172}

Name: FireShot
Version: 0.99.15.1
Enabled: true
ID: {0b457cAA-602d-484a-8fe7-c1d894a011ba}

Name: Form History Control
Version: 1.4.0.6
Enabled: true
ID: formhistory@yahoo.com

Name: GeoFlag
Version: 32.0
Enabled: true
ID: {76843B06-C8C5-5088-90C5-679EA2F00123}

Name: Grabit
Version: 32.0
Enabled: true
ID: {77485BDA-6FFE-5A73-B3ED-943F929C15AE}

Name: Greasemonkey for Pale Moon
Version: 3.31.4
Enabled: true
ID: greasemonkeyforpm@janekptacijarabaci

Name: Multi Links Plus
Version: 3.9.3
Enabled: true
ID: multilinksplus@hugsmile.eu

Name: OpenBook
Version: 2.0.1.1
Enabled: true
ID: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce}

Name: Pure URL
Version: 3.3.3
Enabled: true
ID: pure-url@palemoon

Name: RightToClick
Version: 2.9.5.1-signed
Enabled: true
ID: {cd617375-6743-4ee8-bac4-fbf10f35729e}

Name: ScrapBook X
Version: 1.14.7
Enabled: true
ID: scrapbookx@addons.mozilla.org

Name: Self-Destructing Cookies for Pale Moon
Version: 1.0.4.13
Enabled: true
ID: {1607f7ec-8262-4016-b51f-f9f5b43d43f1}

Name: Stylem
Version: 2.2.9
Enabled: true
ID: {503a85e3-84c9-40e5-b98e-98e62085837f}

Name: Tab Groups
Version: 0.4
Enabled: true
ID: firefox-tabgroups@mozilla.com

Name: TableTools2
Version: 1.17.1-signed.1-signed
Enabled: true
ID: tabletools2@mingyi.org

Name: uBlock Origin
Version: 1.16.4.30
Enabled: true
ID: uBlock0@raymondhill.net

Name: User Agent Status
Version: 1.7.2
Enabled: true
ID: {05e3b9e9-0849-4202-9266-bc8a50b3e91f}

Name: Web Developer's Toolbox
Version: 1.1.2
Enabled: true
ID: {1945702a-44e8-4d01-a50b-6893582d909a}

Name: Zap Anything
Version: 1.4.1
Enabled: true
ID: {47001cee-21c8-4456-905a-f30019e83a3f}

Name: ηMatrix
Version: 5.0.3
Enabled: true
ID: eMatrix@vannilla.org

Name: Adblock Latitude
Version: 5.0.9
Enabled: false
ID: adblocklatitude@addons.palemoon.org

Name: FormFox
Version: 1.7.1-signed.1-signed
Enabled: false
ID: formfox@daniel.steinbrook

Name: Palefill Web Technologies Polyfill
Version: 1.26
Enabled: false
ID: palefill@addons.martoks-place.de

Name: Toggle JavaScript [Enabled/Disabled]
Version: 1.2.2.010
Enabled: false
ID: {b5af16a6-105d-4a14-a5a6-c2b358b06a04}

Name: Website Navigation Bar
Version: 3.3
Enabled: false
ID: {eab176e7-2072-480e-8db7-9e40a80723cd}

Graphics
--------

Features
Compositing: OpenGL
GPU Accelerated Windows: 2/2 OpenGL (OMTC)
Asynchronous Pan/Zoom: none
WebGL 1 Driver WSI Info: GLX 1.4 GLX_VENDOR(client): NVIDIA Corporation GLX_VENDOR(server): NVIDIA Corporation Extensions: GLX_ARB_get_proc_address GLX_ARB_multisample GLX_EXT_visual_info GLX_EXT_visual_rating GLX_EXT_import_context GLX_SGI_video_sync GLX_SGIX_fbconfig GLX_SGIX_pbuffer GLX_SGI_swap_control GLX_EXT_swap_control GLX_EXT_swap_control_tear GLX_EXT_buffer_age GLX_ARB_create_context GLX_ARB_create_context_profile GLX_NV_float_buffer GLX_ARB_fbconfig_float GLX_EXT_texture_from_pixmap GLX_EXT_framebuffer_sRGB GLX_NV_copy_image GLX_EXT_create_context_es_profile GLX_EXT_create_context_es2_profile GLX_ARB_create_context_no_error GLX_ARB_create_context_robustness GLX_NV_delay_before_swap GLX_EXT_stereo_tree GLX_ARB_context_flush_control GLX_NV_robustness_video_memory_purge GLX_NV_multigpu_context
WebGL 1 Driver Renderer: NVIDIA Corporation -- NVIDIA GeForce RTX 2060/PCIe/SSE2
WebGL 1 Driver Version: 4.6.0 NVIDIA 525.85.05
WebGL 1 Driver Extensions: GL_AMD_multi_draw_indirect GL_AMD_seamless_cubemap_per_texture GL_AMD_vertex_shader_viewport_index GL_AMD_vertex_shader_layer GL_ARB_arrays_of_arrays GL_ARB_base_instance GL_ARB_bindless_texture GL_ARB_blend_func_extended GL_ARB_buffer_storage GL_ARB_clear_buffer_object GL_ARB_clear_texture GL_ARB_clip_control GL_ARB_color_buffer_float GL_ARB_compatibility GL_ARB_compressed_texture_pixel_storage GL_ARB_conservative_depth GL_ARB_compute_shader GL_ARB_compute_variable_group_size GL_ARB_conditional_render_inverted GL_ARB_copy_buffer GL_ARB_copy_image GL_ARB_cull_distance GL_ARB_debug_output GL_ARB_depth_buffer_float GL_ARB_depth_clamp GL_ARB_depth_texture GL_ARB_derivative_control GL_ARB_direct_state_access GL_ARB_draw_buffers GL_ARB_draw_buffers_blend GL_ARB_draw_indirect GL_ARB_draw_elements_base_vertex GL_ARB_draw_instanced GL_ARB_enhanced_layouts GL_ARB_ES2_compatibility GL_ARB_ES3_compatibility GL_ARB_ES3_1_compatibility GL_ARB_ES3_2_compatibility GL_ARB_explicit_attrib_location GL_ARB_explicit_uniform_location GL_ARB_fragment_coord_conventions GL_ARB_fragment_layer_viewport GL_ARB_fragment_program GL_ARB_fragment_program_shadow GL_ARB_fragment_shader GL_ARB_fragment_shader_interlock GL_ARB_framebuffer_no_attachments GL_ARB_framebuffer_object GL_ARB_framebuffer_sRGB GL_ARB_geometry_shader4 GL_ARB_get_program_binary GL_ARB_get_texture_sub_image GL_ARB_gl_spirv GL_ARB_gpu_shader5 GL_ARB_gpu_shader_fp64 GL_ARB_gpu_shader_int64 GL_ARB_half_float_pixel GL_ARB_half_float_vertex GL_ARB_imaging GL_ARB_indirect_parameters GL_ARB_instanced_arrays GL_ARB_internalformat_query GL_ARB_internalformat_query2 GL_ARB_invalidate_subdata GL_ARB_map_buffer_alignment GL_ARB_map_buffer_range GL_ARB_multi_bind GL_ARB_multi_draw_indirect GL_ARB_multisample GL_ARB_multitexture GL_ARB_occlusion_query GL_ARB_occlusion_query2 GL_ARB_parallel_shader_compile GL_ARB_pipeline_statistics_query GL_ARB_pixel_buffer_object GL_ARB_point_parameters GL_ARB_point_sprite GL_ARB_polygon_offset_clamp GL_ARB_post_depth_coverage GL_ARB_program_interface_query GL_ARB_provoking_vertex GL_ARB_query_buffer_object GL_ARB_robust_buffer_access_behavior GL_ARB_robustness GL_ARB_sample_locations GL_ARB_sample_shading GL_ARB_sampler_objects GL_ARB_seamless_cube_map GL_ARB_seamless_cubemap_per_texture GL_ARB_separate_shader_objects GL_ARB_shader_atomic_counter_ops GL_ARB_shader_atomic_counters GL_ARB_shader_ballot GL_ARB_shader_bit_encoding GL_ARB_shader_clock GL_ARB_shader_draw_parameters GL_ARB_shader_group_vote GL_ARB_shader_image_load_store GL_ARB_shader_image_size GL_ARB_shader_objects GL_ARB_shader_precision GL_ARB_shader_storage_buffer_object GL_ARB_shader_subroutine GL_ARB_shader_texture_image_samples GL_ARB_shader_texture_lod GL_ARB_shading_language_100 GL_ARB_shader_viewport_layer_array GL_ARB_shading_language_420pack GL_ARB_shading_language_include GL_ARB_shading_language_packing GL_ARB_shadow GL_ARB_sparse_buffer GL_ARB_sparse_texture GL_ARB_sparse_texture2 GL_ARB_sparse_texture_clamp GL_ARB_spirv_extensions GL_ARB_stencil_texturing GL_ARB_sync GL_ARB_tessellation_shader GL_ARB_texture_barrier GL_ARB_texture_border_clamp GL_ARB_texture_buffer_object GL_ARB_texture_buffer_object_rgb32 GL_ARB_texture_buffer_range GL_ARB_texture_compression GL_ARB_texture_compression_bptc GL_ARB_texture_compression_rgtc GL_ARB_texture_cube_map GL_ARB_texture_cube_map_array GL_ARB_texture_env_add GL_ARB_texture_env_combine GL_ARB_texture_env_crossbar GL_ARB_texture_env_dot3 GL_ARB_texture_filter_anisotropic GL_ARB_texture_filter_minmax GL_ARB_texture_float GL_ARB_texture_gather GL_ARB_texture_mirror_clamp_to_edge GL_ARB_texture_mirrored_repeat GL_ARB_texture_multisample GL_ARB_texture_non_power_of_two GL_ARB_texture_query_levels GL_ARB_texture_query_lod GL_ARB_texture_rectangle GL_ARB_texture_rg GL_ARB_texture_rgb10_a2ui GL_ARB_texture_stencil8 GL_ARB_texture_storage GL_ARB_texture_storage_multisample GL_ARB_texture_swizzle GL_ARB_texture_view GL_ARB_timer_query GL_ARB_transform_feedback2 GL_ARB_transform_feedback3 GL_ARB_transform_feedback_instanced GL_ARB_transform_feedback_overflow_query GL_ARB_transpose_matrix GL_ARB_uniform_buffer_object GL_ARB_vertex_array_bgra GL_ARB_vertex_array_object GL_ARB_vertex_attrib_64bit GL_ARB_vertex_attrib_binding GL_ARB_vertex_buffer_object GL_ARB_vertex_program GL_ARB_vertex_shader GL_ARB_vertex_type_10f_11f_11f_rev GL_ARB_vertex_type_2_10_10_10_rev GL_ARB_viewport_array GL_ARB_window_pos GL_ATI_draw_buffers GL_ATI_texture_float GL_ATI_texture_mirror_once GL_S3_s3tc GL_EXT_texture_env_add GL_EXT_abgr GL_EXT_bgra GL_EXT_bindable_uniform GL_EXT_blend_color GL_EXT_blend_equation_separate GL_EXT_blend_func_separate GL_EXT_blend_minmax GL_EXT_blend_subtract GL_EXT_compiled_vertex_array GL_EXT_Cg_shader GL_EXT_depth_bounds_test GL_EXT_direct_state_access GL_EXT_draw_buffers2 GL_EXT_draw_instanced GL_EXT_draw_range_elements GL_EXT_fog_coord GL_EXT_framebuffer_blit GL_EXT_framebuffer_multisample GL_EXTX_framebuffer_mixed_formats GL_EXT_framebuffer_multisample_blit_scaled GL_EXT_framebuffer_object GL_EXT_framebuffer_sRGB GL_EXT_geometry_shader4 GL_EXT_gpu_program_parameters GL_EXT_gpu_shader4 GL_EXT_multi_draw_arrays GL_EXT_multiview_texture_multisample GL_EXT_multiview_timer_query GL_EXT_packed_depth_stencil GL_EXT_packed_float GL_EXT_packed_pixels GL_EXT_pixel_buffer_object GL_EXT_point_parameters GL_EXT_polygon_offset_clamp GL_EXT_post_depth_coverage GL_EXT_provoking_vertex GL_EXT_raster_multisample GL_EXT_rescale_normal GL_EXT_secondary_color GL_EXT_separate_shader_objects GL_EXT_separate_specular_color GL_EXT_shader_image_load_formatted GL_EXT_shader_image_load_store GL_EXT_shader_integer_mix GL_EXT_shadow_funcs GL_EXT_sparse_texture2 GL_EXT_stencil_two_side GL_EXT_stencil_wrap GL_EXT_texture3D GL_EXT_texture_array GL_EXT_texture_buffer_object GL_EXT_texture_compression_dxt1 GL_EXT_texture_compression_latc GL_EXT_texture_compression_rgtc GL_EXT_texture_compression_s3tc GL_EXT_texture_cube_map GL_EXT_texture_edge_clamp GL_EXT_texture_env_combine GL_EXT_texture_env_dot3 GL_EXT_texture_filter_anisotropic GL_EXT_texture_filter_minmax GL_EXT_texture_integer GL_EXT_texture_lod GL_EXT_texture_lod_bias GL_EXT_texture_mirror_clamp GL_EXT_texture_object GL_EXT_texture_shadow_lod GL_EXT_texture_shared_exponent GL_EXT_texture_sRGB GL_EXT_texture_sRGB_R8 GL_EXT_texture_sRGB_decode GL_EXT_texture_storage GL_EXT_texture_swizzle GL_EXT_timer_query GL_EXT_transform_feedback2 GL_EXT_vertex_array GL_EXT_vertex_array_bgra GL_EXT_vertex_attrib_64bit GL_EXT_window_rectangles GL_EXT_x11_sync_object GL_EXT_import_sync_object GL_NV_robustness_video_memory_purge GL_IBM_rasterpos_clip GL_IBM_texture_mirrored_repeat GL_KHR_context_flush_control GL_KHR_debug GL_EXT_memory_object GL_EXT_memory_object_fd GL_NV_memory_object_sparse GL_KHR_parallel_shader_compile GL_KHR_no_error GL_KHR_robust_buffer_access_behavior GL_KHR_robustness GL_EXT_semaphore GL_EXT_semaphore_fd GL_NV_timeline_semaphore GL_KHR_shader_subgroup GL_KTX_buffer_region GL_NV_alpha_to_coverage_dither_control GL_NV_bindless_multi_draw_indirect GL_NV_bindless_multi_draw_indirect_count GL_NV_bindless_texture GL_NV_blend_equation_advanced GL_NV_blend_equation_advanced_coherent GL_NVX_blend_equation_advanced_multi_draw_buffers GL_NV_blend_minmax_factor GL_NV_blend_square GL_NV_clip_space_w_scaling GL_NV_command_list GL_NV_compute_program5 GL_NV_compute_shader_derivatives GL_NV_conditional_render GL_NV_conservative_raster GL_NV_conservative_raster_dilate GL_NV_conservative_raster_pre_snap GL_NV_conservative_raster_pre_snap_triangles GL_NV_conservative_raster_underestimation GL_NV_copy_depth_to_color GL_NV_copy_image GL_NV_depth_buffer_float GL_NV_depth_clamp GL_NV_draw_texture GL_NV_draw_vulkan_image GL_NV_ES1_1_compatibility GL_NV_ES3_1_compatibility GL_NV_explicit_multisample GL_NV_feature_query GL_NV_fence GL_NV_fill_rectangle GL_NV_float_buffer GL_NV_fog_distance GL_NV_fragment_coverage_to_color GL_NV_fragment_program GL_NV_fragment_program_option GL_NV_fragment_program2 GL_NV_fragment_shader_barycentric GL_NV_fragment_shader_interlock GL_NV_framebuffer_mixed_samples GL_NV_framebuffer_multisample_coverage GL_NV_geometry_shader4 GL_NV_geometry_shader_passthrough GL_NV_gpu_program4 GL_NV_internalformat_sample_query GL_NV_gpu_program4_1 GL_NV_gpu_program5 GL_NV_gpu_program5_mem_extended GL_NV_gpu_program_fp64 GL_NV_gpu_shader5 GL_NV_half_float GL_NV_light_max_exponent GL_NV_memory_attachment GL_NV_mesh_shader GL_NV_multisample_coverage GL_NV_multisample_filter_hint GL_NV_occlusion_query GL_NV_packed_depth_stencil GL_NV_parameter_buffer_object GL_NV_parameter_buffer_object2 GL_NV_path_rendering GL_NV_path_rendering_shared_edge GL_NV_pixel_data_range GL_NV_point_sprite GL_NV_primitive_restart GL_NV_query_resource GL_NV_query_resource_tag GL_NV_register_combiners GL_NV_register_combiners2 GL_NV_representative_fragment_test GL_NV_sample_locations GL_NV_sample_mask_override_coverage GL_NV_scissor_exclusive GL_NV_shader_atomic_counters GL_NV_shader_atomic_float GL_NV_shader_atomic_float64 GL_NV_shader_atomic_fp16_vector GL_NV_shader_atomic_int64 GL_NV_shader_buffer_load GL_NV_shader_storage_buffer_object GL_NV_shader_subgroup_partitioned GL_NV_shader_texture_footprint GL_NV_shading_rate_image GL_NV_stereo_view_rendering GL_NV_texgen_reflection GL_NV_texture_barrier GL_NV_texture_compression_vtc GL_NV_texture_env_combine4 GL_NV_texture_multisample GL_NV_texture_rectangle GL_NV_texture_rectangle_compressed GL_NV_texture_shader GL_NV_texture_shader2 GL_NV_texture_shader3 GL_NV_transform_feedback GL_NV_transform_feedback2 GL_NV_uniform_buffer_unified_memory GL_NV_uniform_buffer_std430_layout GL_NV_vdpau_interop GL_NV_vdpau_interop2 GL_NV_vertex_array_range GL_NV_vertex_array_range2 GL_NV_vertex_attrib_integer_64bit GL_NV_vertex_buffer_unified_memory GL_NV_vertex_program GL_NV_vertex_program1_1 GL_NV_vertex_program2 GL_NV_vertex_program2_option GL_NV_vertex_program3 GL_NV_viewport_array2 GL_NV_viewport_swizzle GL_NVX_conditional_render GL_NV_gpu_multicast GL_NVX_progress_fence GL_NVX_gpu_memory_info GL_NVX_nvenc_interop GL_NV_shader_thread_group GL_NV_shader_thread_shuffle GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent GL_OVR_multiview GL_OVR_multiview2 GL_SGIS_generate_mipmap GL_SGIS_texture_lod GL_SGIX_depth_texture GL_SGIX_shadow GL_SUN_slice_accum
WebGL 1 Extensions: ANGLE_instanced_arrays EXT_blend_minmax EXT_color_buffer_half_float EXT_frag_depth EXT_sRGB EXT_shader_texture_lod EXT_texture_filter_anisotropic EXT_disjoint_timer_query MOZ_debug_get OES_element_index_uint OES_standard_derivatives OES_texture_float OES_texture_float_linear OES_texture_half_float OES_texture_half_float_linear OES_vertex_array_object WEBGL_color_buffer_float WEBGL_compressed_texture_etc WEBGL_compressed_texture_s3tc WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_depth_texture WEBGL_draw_buffers WEBGL_lose_context MOZ_WEBGL_lose_context MOZ_WEBGL_compressed_texture_s3tc MOZ_WEBGL_depth_texture
WebGL 2 Driver WSI Info: GLX 1.4 GLX_VENDOR(client): NVIDIA Corporation GLX_VENDOR(server): NVIDIA Corporation Extensions: GLX_ARB_get_proc_address GLX_ARB_multisample GLX_EXT_visual_info GLX_EXT_visual_rating GLX_EXT_import_context GLX_SGI_video_sync GLX_SGIX_fbconfig GLX_SGIX_pbuffer GLX_SGI_swap_control GLX_EXT_swap_control GLX_EXT_swap_control_tear GLX_EXT_buffer_age GLX_ARB_create_context GLX_ARB_create_context_profile GLX_NV_float_buffer GLX_ARB_fbconfig_float GLX_EXT_texture_from_pixmap GLX_EXT_framebuffer_sRGB GLX_NV_copy_image GLX_EXT_create_context_es_profile GLX_EXT_create_context_es2_profile GLX_ARB_create_context_no_error GLX_ARB_create_context_robustness GLX_NV_delay_before_swap GLX_EXT_stereo_tree GLX_ARB_context_flush_control GLX_NV_robustness_video_memory_purge GLX_NV_multigpu_context
WebGL 2 Driver Renderer: NVIDIA Corporation -- NVIDIA GeForce RTX 2060/PCIe/SSE2
WebGL 2 Driver Version: 3.2.0 NVIDIA 525.85.05
WebGL 2 Driver Extensions: GL_AMD_multi_draw_indirect GL_AMD_seamless_cubemap_per_texture GL_AMD_vertex_shader_viewport_index GL_AMD_vertex_shader_layer GL_ARB_arrays_of_arrays GL_ARB_base_instance GL_ARB_bindless_texture GL_ARB_blend_func_extended GL_ARB_buffer_storage GL_ARB_clear_buffer_object GL_ARB_clear_texture GL_ARB_clip_control GL_ARB_color_buffer_float GL_ARB_compressed_texture_pixel_storage GL_ARB_conservative_depth GL_ARB_compute_shader GL_ARB_compute_variable_group_size GL_ARB_conditional_render_inverted GL_ARB_copy_buffer GL_ARB_copy_image GL_ARB_cull_distance GL_ARB_debug_output GL_ARB_depth_buffer_float GL_ARB_depth_clamp GL_ARB_depth_texture GL_ARB_derivative_control GL_ARB_direct_state_access GL_ARB_draw_buffers GL_ARB_draw_buffers_blend GL_ARB_draw_indirect GL_ARB_draw_elements_base_vertex GL_ARB_draw_instanced GL_ARB_enhanced_layouts GL_ARB_ES2_compatibility GL_ARB_ES3_compatibility GL_ARB_ES3_1_compatibility GL_ARB_ES3_2_compatibility GL_ARB_explicit_attrib_location GL_ARB_explicit_uniform_location GL_ARB_fragment_coord_conventions GL_ARB_fragment_layer_viewport GL_ARB_fragment_program GL_ARB_fragment_program_shadow GL_ARB_fragment_shader GL_ARB_fragment_shader_interlock GL_ARB_framebuffer_no_attachments GL_ARB_framebuffer_object GL_ARB_framebuffer_sRGB GL_ARB_geometry_shader4 GL_ARB_get_program_binary GL_ARB_get_texture_sub_image GL_ARB_gl_spirv GL_ARB_gpu_shader5 GL_ARB_gpu_shader_fp64 GL_ARB_gpu_shader_int64 GL_ARB_half_float_pixel GL_ARB_half_float_vertex GL_ARB_imaging GL_ARB_indirect_parameters GL_ARB_instanced_arrays GL_ARB_internalformat_query GL_ARB_internalformat_query2 GL_ARB_invalidate_subdata GL_ARB_map_buffer_alignment GL_ARB_map_buffer_range GL_ARB_multi_bind GL_ARB_multi_draw_indirect GL_ARB_multisample GL_ARB_multitexture GL_ARB_occlusion_query GL_ARB_occlusion_query2 GL_ARB_parallel_shader_compile GL_ARB_pipeline_statistics_query GL_ARB_pixel_buffer_object GL_ARB_point_parameters GL_ARB_point_sprite GL_ARB_polygon_offset_clamp GL_ARB_post_depth_coverage GL_ARB_program_interface_query GL_ARB_provoking_vertex GL_ARB_query_buffer_object GL_ARB_robust_buffer_access_behavior GL_ARB_robustness GL_ARB_sample_locations GL_ARB_sample_shading GL_ARB_sampler_objects GL_ARB_seamless_cube_map GL_ARB_seamless_cubemap_per_texture GL_ARB_separate_shader_objects GL_ARB_shader_atomic_counter_ops GL_ARB_shader_atomic_counters GL_ARB_shader_ballot GL_ARB_shader_bit_encoding GL_ARB_shader_clock GL_ARB_shader_draw_parameters GL_ARB_shader_group_vote GL_ARB_shader_image_load_store GL_ARB_shader_image_size GL_ARB_shader_objects GL_ARB_shader_precision GL_ARB_shader_storage_buffer_object GL_ARB_shader_subroutine GL_ARB_shader_texture_image_samples GL_ARB_shader_texture_lod GL_ARB_shading_language_100 GL_ARB_shader_viewport_layer_array GL_ARB_shading_language_420pack GL_ARB_shading_language_include GL_ARB_shading_language_packing GL_ARB_shadow GL_ARB_sparse_buffer GL_ARB_sparse_texture GL_ARB_sparse_texture2 GL_ARB_sparse_texture_clamp GL_ARB_spirv_extensions GL_ARB_stencil_texturing GL_ARB_sync GL_ARB_tessellation_shader GL_ARB_texture_barrier GL_ARB_texture_border_clamp GL_ARB_texture_buffer_object GL_ARB_texture_buffer_object_rgb32 GL_ARB_texture_buffer_range GL_ARB_texture_compression GL_ARB_texture_compression_bptc GL_ARB_texture_compression_rgtc GL_ARB_texture_cube_map GL_ARB_texture_cube_map_array GL_ARB_texture_env_add GL_ARB_texture_env_combine GL_ARB_texture_env_crossbar GL_ARB_texture_env_dot3 GL_ARB_texture_filter_anisotropic GL_ARB_texture_filter_minmax GL_ARB_texture_float GL_ARB_texture_gather GL_ARB_texture_mirror_clamp_to_edge GL_ARB_texture_mirrored_repeat GL_ARB_texture_multisample GL_ARB_texture_non_power_of_two GL_ARB_texture_query_levels GL_ARB_texture_query_lod GL_ARB_texture_rectangle GL_ARB_texture_rg GL_ARB_texture_rgb10_a2ui GL_ARB_texture_stencil8 GL_ARB_texture_storage GL_ARB_texture_storage_multisample GL_ARB_texture_swizzle GL_ARB_texture_view GL_ARB_timer_query GL_ARB_transform_feedback2 GL_ARB_transform_feedback3 GL_ARB_transform_feedback_instanced GL_ARB_transform_feedback_overflow_query GL_ARB_transpose_matrix GL_ARB_uniform_buffer_object GL_ARB_vertex_array_bgra GL_ARB_vertex_array_object GL_ARB_vertex_attrib_64bit GL_ARB_vertex_attrib_binding GL_ARB_vertex_buffer_object GL_ARB_vertex_program GL_ARB_vertex_shader GL_ARB_vertex_type_10f_11f_11f_rev GL_ARB_vertex_type_2_10_10_10_rev GL_ARB_viewport_array GL_ARB_window_pos GL_ATI_draw_buffers GL_ATI_texture_float GL_ATI_texture_mirror_once GL_S3_s3tc GL_EXT_texture_env_add GL_EXT_abgr GL_EXT_bgra GL_EXT_bindable_uniform GL_EXT_blend_color GL_EXT_blend_equation_separate GL_EXT_blend_func_separate GL_EXT_blend_minmax GL_EXT_blend_subtract GL_EXT_compiled_vertex_array GL_EXT_Cg_shader GL_EXT_depth_bounds_test GL_EXT_direct_state_access GL_EXT_draw_buffers2 GL_EXT_draw_instanced GL_EXT_draw_range_elements GL_EXT_fog_coord GL_EXT_framebuffer_blit GL_EXT_framebuffer_multisample GL_EXTX_framebuffer_mixed_formats GL_EXT_framebuffer_multisample_blit_scaled GL_EXT_framebuffer_object GL_EXT_framebuffer_sRGB GL_EXT_geometry_shader4 GL_EXT_gpu_program_parameters GL_EXT_gpu_shader4 GL_EXT_multi_draw_arrays GL_EXT_multiview_texture_multisample GL_EXT_multiview_timer_query GL_EXT_packed_depth_stencil GL_EXT_packed_float GL_EXT_packed_pixels GL_EXT_pixel_buffer_object GL_EXT_point_parameters GL_EXT_polygon_offset_clamp GL_EXT_post_depth_coverage GL_EXT_provoking_vertex GL_EXT_raster_multisample GL_EXT_rescale_normal GL_EXT_secondary_color GL_EXT_separate_shader_objects GL_EXT_separate_specular_color GL_EXT_shader_image_load_formatted GL_EXT_shader_image_load_store GL_EXT_shader_integer_mix GL_EXT_shadow_funcs GL_EXT_sparse_texture2 GL_EXT_stencil_two_side GL_EXT_stencil_wrap GL_EXT_texture3D GL_EXT_texture_array GL_EXT_texture_buffer_object GL_EXT_texture_compression_dxt1 GL_EXT_texture_compression_latc GL_EXT_texture_compression_rgtc GL_EXT_texture_compression_s3tc GL_EXT_texture_cube_map GL_EXT_texture_edge_clamp GL_EXT_texture_env_combine GL_EXT_texture_env_dot3 GL_EXT_texture_filter_anisotropic GL_EXT_texture_filter_minmax GL_EXT_texture_integer GL_EXT_texture_lod GL_EXT_texture_lod_bias GL_EXT_texture_mirror_clamp GL_EXT_texture_object GL_EXT_texture_shadow_lod GL_EXT_texture_shared_exponent GL_EXT_texture_sRGB GL_EXT_texture_sRGB_R8 GL_EXT_texture_sRGB_decode GL_EXT_texture_storage GL_EXT_texture_swizzle GL_EXT_timer_query GL_EXT_transform_feedback2 GL_EXT_vertex_array GL_EXT_vertex_array_bgra GL_EXT_vertex_attrib_64bit GL_EXT_window_rectangles GL_EXT_x11_sync_object GL_EXT_import_sync_object GL_NV_robustness_video_memory_purge GL_IBM_rasterpos_clip GL_IBM_texture_mirrored_repeat GL_KHR_context_flush_control GL_KHR_debug GL_EXT_memory_object GL_EXT_memory_object_fd GL_NV_memory_object_sparse GL_KHR_parallel_shader_compile GL_KHR_no_error GL_KHR_robust_buffer_access_behavior GL_KHR_robustness GL_EXT_semaphore GL_EXT_semaphore_fd GL_NV_timeline_semaphore GL_KHR_shader_subgroup GL_KTX_buffer_region GL_NV_alpha_to_coverage_dither_control GL_NV_bindless_multi_draw_indirect GL_NV_bindless_multi_draw_indirect_count GL_NV_bindless_texture GL_NV_blend_equation_advanced GL_NV_blend_equation_advanced_coherent GL_NVX_blend_equation_advanced_multi_draw_buffers GL_NV_blend_minmax_factor GL_NV_blend_square GL_NV_clip_space_w_scaling GL_NV_command_list GL_NV_compute_program5 GL_NV_compute_shader_derivatives GL_NV_conditional_render GL_NV_conservative_raster GL_NV_conservative_raster_dilate GL_NV_conservative_raster_pre_snap GL_NV_conservative_raster_pre_snap_triangles GL_NV_conservative_raster_underestimation GL_NV_copy_depth_to_color GL_NV_copy_image GL_NV_depth_buffer_float GL_NV_depth_clamp GL_NV_draw_texture GL_NV_draw_vulkan_image GL_NV_ES1_1_compatibility GL_NV_ES3_1_compatibility GL_NV_explicit_multisample GL_NV_feature_query GL_NV_fence GL_NV_fill_rectangle GL_NV_float_buffer GL_NV_fog_distance GL_NV_fragment_coverage_to_color GL_NV_fragment_program GL_NV_fragment_program_option GL_NV_fragment_program2 GL_NV_fragment_shader_barycentric GL_NV_fragment_shader_interlock GL_NV_framebuffer_mixed_samples GL_NV_framebuffer_multisample_coverage GL_NV_geometry_shader4 GL_NV_geometry_shader_passthrough GL_NV_gpu_program4 GL_NV_internalformat_sample_query GL_NV_gpu_program4_1 GL_NV_gpu_program5 GL_NV_gpu_program5_mem_extended GL_NV_gpu_program_fp64 GL_NV_gpu_shader5 GL_NV_half_float GL_NV_light_max_exponent GL_NV_memory_attachment GL_NV_mesh_shader GL_NV_multisample_coverage GL_NV_multisample_filter_hint GL_NV_occlusion_query GL_NV_packed_depth_stencil GL_NV_parameter_buffer_object GL_NV_parameter_buffer_object2 GL_NV_path_rendering GL_NV_path_rendering_shared_edge GL_NV_pixel_data_range GL_NV_point_sprite GL_NV_primitive_restart GL_NV_query_resource GL_NV_query_resource_tag GL_NV_register_combiners GL_NV_register_combiners2 GL_NV_representative_fragment_test GL_NV_sample_locations GL_NV_sample_mask_override_coverage GL_NV_scissor_exclusive GL_NV_shader_atomic_counters GL_NV_shader_atomic_float GL_NV_shader_atomic_float64 GL_NV_shader_atomic_fp16_vector GL_NV_shader_atomic_int64 GL_NV_shader_buffer_load GL_NV_shader_storage_buffer_object GL_NV_shader_subgroup_partitioned GL_NV_shader_texture_footprint GL_NV_shading_rate_image GL_NV_stereo_view_rendering GL_NV_texgen_reflection GL_NV_texture_barrier GL_NV_texture_compression_vtc GL_NV_texture_env_combine4 GL_NV_texture_multisample GL_NV_texture_rectangle GL_NV_texture_rectangle_compressed GL_NV_texture_shader GL_NV_texture_shader2 GL_NV_texture_shader3 GL_NV_transform_feedback GL_NV_transform_feedback2 GL_NV_uniform_buffer_unified_memory GL_NV_uniform_buffer_std430_layout GL_NV_vdpau_interop GL_NV_vdpau_interop2 GL_NV_vertex_array_range GL_NV_vertex_array_range2 GL_NV_vertex_attrib_integer_64bit GL_NV_vertex_buffer_unified_memory GL_NV_vertex_program GL_NV_vertex_program1_1 GL_NV_vertex_program2 GL_NV_vertex_program2_option GL_NV_vertex_program3 GL_NV_viewport_array2 GL_NV_viewport_swizzle GL_NVX_conditional_render GL_NV_gpu_multicast GL_NVX_progress_fence GL_NVX_gpu_memory_info GL_NVX_nvenc_interop GL_NV_shader_thread_group GL_NV_shader_thread_shuffle GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent GL_OVR_multiview GL_OVR_multiview2 GL_SGIS_generate_mipmap GL_SGIS_texture_lod GL_SGIX_depth_texture GL_SGIX_shadow GL_SUN_slice_accum
WebGL 2 Extensions: EXT_color_buffer_float EXT_texture_filter_anisotropic EXT_disjoint_timer_query MOZ_debug_get OES_texture_float_linear WEBGL_compressed_texture_etc WEBGL_compressed_texture_s3tc WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_lose_context MOZ_WEBGL_lose_context MOZ_WEBGL_compressed_texture_s3tc
Hardware H264 Decoding: No
Audio Backend: pulse
GPU #1
Active: Yes
Description: NVIDIA Corporation -- NVIDIA GeForce RTX 2060/PCIe/SSE2
Vendor ID: NVIDIA Corporation
Device ID: NVIDIA GeForce RTX 2060/PCIe/SSE2
Driver Version: 4.6.0 NVIDIA 525.85.05

Diagnostics
AzureCanvasAccelerated: 0
AzureCanvasBackend: skia
AzureContentBackend: cairo
AzureFallbackCanvasBackend: cairo
CairoUseXRender: 1





Important Modified Preferences
------------------------------

accessibility.typeaheadfind.flashBar: 0
browser.cache.disk.capacity: 358400
browser.cache.disk.smart_size.first_run: false
browser.cache.disk.smart_size.use_old_max: false
browser.display.prefers_color_scheme: 2
browser.download.importedFromSqlite: true
browser.places.smartBookmarksVersion: 4
browser.search.suggest.enabled: false
browser.search.useDBForOrder: true
browser.startup.homepage: about:blank
browser.startup.homepage_override.buildID: 20230318200342
browser.startup.homepage_override.mstone: 6.1.0
extensions.lastAppVersion: 32.1.0
font.internaluseonly.changed: true
layers.acceleration.enabled: true
media.av1.enabled: true
network.cookie.cookieBehavior: 1
network.cookie.lifetimePolicy: 2
network.cookie.prefsMigrated: true
network.http.upgrade-insecure-requests: true
places.database.lastMaintenance: 1679419579
places.history.expiration.transient_current_max_pages: 86865
print.print_bgcolor: false
print.print_bgimages: false
print.print_duplex: 0
print.print_evenpages: true
print.print_in_color: true
print.print_margin_bottom: 0.5
print.print_margin_left: 0.5
print.print_margin_right: 0.5
print.print_margin_top: 0.5
print.print_oddpages: true
print.print_orientation: 0
print.print_page_delay: 50
print.print_paper_data: 0
print.print_paper_height: 11.00
print.print_paper_name: na_letter
print.print_paper_size_unit: 0
print.print_paper_width: 8.50
print.print_scaling: 1.00
print.print_shrink_to_fit: true
print.print_to_file: false
print.print_unwriteable_margin_bottom: 56
print.print_unwriteable_margin_left: 25
print.print_unwriteable_margin_right: 25
print.print_unwriteable_margin_top: 25
privacy.GPCheader.enabled: true
privacy.sanitize.migrateFx3Prefs: true
services.sync.declinedEngines:
services.sync.engine.greasemonkey: true
storage.vacuum.last.index: 1
storage.vacuum.last.places.sqlite: 1677291808

Important Locked Preferences
----------------------------

Places Database
---------------

JavaScript
----------

Incremental GC: true

Accessibility
-------------

Activated: false
Prevent Accessibility: 1

Library Versions
----------------

NSPR
Expected minimum version: 4.35
Version in use: 4.35

NSS
Expected minimum version: 3.79.4
Version in use: 3.79.4

NSSSMIME
Expected minimum version: 3.79.4
Version in use: 3.79.4

NSSSSL
Expected minimum version: 3.79.4
Version in use: 3.79.4

NSSUTIL
Expected minimum version: 3.79.4
Version in use: 3.79.4

User avatar
Nuck-TH
Project Contributor
Project Contributor
Posts: 197
Joined: 2020-03-02, 16:04

Re: ssl_error_rx_malformed_server_hello

Unread post by Nuck-TH » 2023-03-23, 15:19

Off-topic:
Just to note - you shouldn't have two adblockers(uBO and ABL) active at the same time. There may and will be functionality conflicts. Also there is the matter that uBO completely supersets ABL in block list syntax support and functionality, so the latter is not needed anyway.

User avatar
Navigator
Moon lover
Moon lover
Posts: 99
Joined: 2023-02-24, 17:53

Re: ssl_error_rx_malformed_server_hello

Unread post by Navigator » 2023-03-23, 15:24

Nuck-TH wrote:
2023-03-23, 15:19
Off-topic:
Just to note - you shouldn't have two adblockers(uBO and ABL) active at the same time. There may and will be functionality conflicts. Also there is the matter that uBO completely supersets ABL in block list syntax support and functionality, so the latter is not needed anyway.
Off-topic:
Adblock Latitude is Disabled. Is that still a problem?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: ssl_error_rx_malformed_server_hello

Unread post by Moonchild » 2023-03-23, 15:34

We updated our NSS library for added security on the web, which may be your issue here. Specifically old and insecure protocols and ciphers can be disabled in such an upgrade.
Since it's a local device, there's not really all that much we can offer in support right away. Which router are you using? How old is it? have you looked to see if there are any firmware upgrades available for it? Can you use standard http instead of https (assuming it's a residential device here and that your LAN is secure/shielded from the outside)?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Navigator
Moon lover
Moon lover
Posts: 99
Joined: 2023-02-24, 17:53

Re: ssl_error_rx_malformed_server_hello

Unread post by Navigator » 2023-03-23, 16:26

Moonchild wrote:
2023-03-23, 15:34
We updated our NSS library for added security on the web, which may be your issue here. Specifically old and insecure protocols and ciphers can be disabled in such an upgrade.
Since it's a local device, there's not really all that much we can offer in support right away. Which router are you using? How old is it? have you looked to see if there are any firmware upgrades available for it? Can you use standard http instead of https (assuming it's a residential device here and that your LAN is secure/shielded from the outside)?
It is an Asus RT-AC65. It is using the latest firmware.

If I am able to change https to http on the router what are the security implications? It is a residential device but I don't know how well secured/shielded it is. Would anyone who connected to my Wi-Fi be able to sniff the router password when I sign in?

In Firefox I get "Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT" but I also get an Accept Risk and Continue button, much as I could create a security exception in the previous version of Pale Moon. With 32.1.0 there is no option to enable a bypass?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: ssl_error_rx_malformed_server_hello

Unread post by Moonchild » 2023-03-23, 16:44

Yeah a self-signed cert isn't a problem. A handshake hello error is because the TLS connections can't even be established.
Navigator wrote:
2023-03-23, 16:26
If I am able to change https to http on the router what are the security implications? It is a residential device but I don't know how well secured/shielded it is. Would anyone who connected to my Wi-Fi be able to sniff the router password when I sign in?
If someone successfully connects to your LAN over WiFi then yes, they will likely be able to sniff your router password if you're using plain http (unless the router uses PBKDF client-side and only accepts encrypted form submission -- but even that could possibly be subject to replay). Like I said that wouldn't be a problem if your LAN is secure, but if it isn't then you shouldn't be using unencrypted logins.

I'm not sure in what way I can help here. I'm using an Asus WRT router myself (RT-N66U) and don't have issues using https. It just complains about unknown issuer/self-signed.
Potentially they are trying to use TLS 1.3 in an earlier draft mode; you can try setting security.ssl.enable_tls13_compat_mode to true. if that doesn't help, another thing you can try is setting security.tls.version.max to 3.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Navigator
Moon lover
Moon lover
Posts: 99
Joined: 2023-02-24, 17:53

Re: ssl_error_rx_malformed_server_hello

Unread post by Navigator » 2023-03-23, 16:51

Moonchild wrote:
2023-03-23, 16:44
if that doesn't help, another thing you can try is setting security.tls.version.max to 3.
Thank you, that gives me the old behavior where I can create an exception and sign in. What are the other consequences of changing that setting, e.g. will I make other connections less secure by using it?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: ssl_error_rx_malformed_server_hello

Unread post by Moonchild » 2023-03-23, 17:03

Navigator wrote:
2023-03-23, 16:51
What are the other consequences of changing that setting, e.g. will I make other connections less secure by using it?
That depends on who you ask ;-)

In practice though, restricting yourself to TLS 1.2 isn't a problem. It is perfectly secure, just not the latest version of the protocol.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Nun2Swoon
Moongazer
Moongazer
Posts: 7
Joined: 2023-03-27, 14:47

Malformed server hello handhake with Let's Encrypt

Unread post by Nun2Swoon » 2023-03-27, 15:37

I am getting this error message with 32.1.0 (but not 32.0.1):

Secure Connection Failed
An error occurred during a connection to isw.pub.
SSL received a malformed Server Hello handshake message.
(Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO)

* This always occurs when site uses a Let's Encrypt SSL certificate.
* I have reverted back to 32.0.1 which does not have this bug.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Malformed server hello handhake with Let's Encrypt

Unread post by Moonchild » 2023-03-27, 18:44

Please provide an example URL.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Nun2Swoon
Moongazer
Moongazer
Posts: 7
Joined: 2023-03-27, 14:47

Re: Malformed server hello handhake with Let's Encrypt

Unread post by Nun2Swoon » 2023-03-27, 19:18

https://isw.pub/UkrWar032526

Error occurred at 2023.03.27.Mon_01.24_UTC.
Last edited by Nun2Swoon on 2023-03-27, 19:39, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Malformed server hello handhake with Let's Encrypt

Unread post by Moonchild » 2023-03-27, 19:23

That's a 404.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Nun2Swoon
Moongazer
Moongazer
Posts: 7
Joined: 2023-03-27, 14:47

Re: Malformed server hello handhake with Let's Encrypt

Unread post by Nun2Swoon » 2023-03-27, 19:36

With 3.1.0, the "malformed server hello handshake" message appears (incorrect message).

With 3.0.1, the 404 error message appears (correct message).

User avatar
Nigaikaze
Board Warrior
Board Warrior
Posts: 1322
Joined: 2014-02-02, 22:15
Location: Chicagoland

Re: Malformed server hello handhake with Let's Encrypt

Unread post by Nigaikaze » 2023-03-27, 20:22

Nun2Swoon wrote:
2023-03-27, 19:36
With 3.1.0, the "malformed server hello handshake" message appears (incorrect message).
I am using 3.1.0 here and I am getting the 404 message.
Nichi nichi kore ko jitsu = Every day is a good day.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Malformed server hello handhake with Let's Encrypt

Unread post by Moonchild » 2023-03-27, 21:34

Nigaikaze wrote:
2023-03-27, 20:22
I am using 3.1.0 here and I am getting the 404 message.
Same here. (32.1.0, that is, not 3.)

It's a bitly URL, and bitly's server handshake is just fine.
(Their HSTS lifetime is too short and their TLS session caching needs to be fixed, but those are irrelevant otherwise for this error mentioned)

Do you have any proxies or endpoint security in place like internet security suites?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
pale guru
Moonbather
Moonbather
Posts: 61
Joined: 2021-11-06, 11:10
Location: Tyskland

Re: Malformed server hello handhake with Let's Encrypt

Unread post by pale guru » 2023-03-27, 21:52

Hint: The SSL_ERROR_RX_MALFORMED_SERVER_HELLO sometimes happen when the browser tries to initiate a HTTPS connection, but the/a server replies with plain HTTP content.

The reply can also come from a local router (ie. Fritz!box with blacklisted domain) or ISP who redirects requests for the desired URL.
… tanning in dimmed LCD light. – Evry 1′s a beginner, baby, that's the truth…

User avatar
Nun2Swoon
Moongazer
Moongazer
Posts: 7
Joined: 2023-03-27, 14:47

Re: Malformed server hello handhake with Let's Encrypt

Unread post by Nun2Swoon » 2023-03-27, 22:56

My firewall/router (OPNsense) and my Windows 10 laptop have remained unchanged for the last 10 days.
My Iridium (Chrome derivative) and Firefox browsers return the correct 404 error.

The only variable for me is that 3.0.1 gives the correct 404 message and 3.1.0 does not.

Whenever the next update/security release of Pale Moon comes out, I will see if the problem has resolved itself or not.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Malformed server hello handhake with Let's Encrypt

Unread post by Moonchild » 2023-03-28, 08:24

Nun2Swoon wrote:
2023-03-27, 22:56
I will see if the problem has resolved itself or not.
If you're not going to work with us to find out what exactly the problem seems to be, then nothing will "resolve itself". You can't treat it like it's an ailment or what not that can "resolve itself".

So, so far the only hint we have is OpnSense being in the middle that likely causes the problem, and that it is related to TLS 1.3 handshakes... somehow
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: ssl_error_rx_malformed_server_hello

Unread post by Moonchild » 2023-03-28, 08:40

Merged both topics for the sake of clarity.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: ssl_error_rx_malformed_server_hello

Unread post by Moonchild » 2023-03-28, 08:51

OK, so... some research indicates that one of the key security features of TLS 1.3 is downgrade protection that may be triggered if a middleware box or bad server sends a TLS 1.3 hello, specifically including the .random from it, but then tries to negotiate TLS 1.2 instead. This is especially problematic if it's (transparent) middleware that just forwards the origin server's hello but tries to negotiate a non-matching protocol version afterwards. This is effectively the browser doing what it is supposed to do ;)

Relevant bugs:
bug #1487279 We may want this one so affected people can switch off this protection
bug #1590870 Further bug discussion

Note: without a setup that actually breaks this, I can't verify any of this - this is educated guessing on my part so far.
A quick check however does indicate that NSS's default for the downgrade check when undefined was false, and this was likely flipped to true with our NSS library upgrade performed in 32.1.0
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Post Reply