Users and developers helping users with generic and technical Pale Moon issues on all operating systems.
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
-
Lucio Chiappetti
- Astronaut
- Posts: 660
- Joined: 2014-09-01, 15:11
- Location: Milan Italy
Unread post
by Lucio Chiappetti » 2015-02-23, 12:33
I have just received an e-mail (not spam) from my municipal authorities, saying that they are refurbishing their portal, and that I need to refresh my registration.
However when I try to access (from PM 25.0.2 on SuSE LINUX) I get
Code: Select all
Secure Connection Failed
An error occurred during a connection to www.comune.milano.it. SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Any hint about things to look in my configuration ?
The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. (G.B. Shaw)
-
Lucio Chiappetti
- Astronaut
- Posts: 660
- Joined: 2014-09-01, 15:11
- Location: Milan Italy
Unread post
by Lucio Chiappetti » 2015-02-23, 13:18
Pretty sure I did something about POODLE on my system a while ago. It would be very strange if the municipal authorities are improving their server using an obsolete or dangerous feature (but not impossible). Anyhow, if I change tls.min from 1 to 0, instead of the error code reported previously, I get a "server busy try later".
The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. (G.B. Shaw)
-
Lucio Chiappetti
- Astronaut
- Posts: 660
- Joined: 2014-09-01, 15:11
- Location: Milan Italy
Unread post
by Lucio Chiappetti » 2015-02-23, 17:06
Can somebody further help to diagnose the problem. User Agent Identification ? Sorry to say it, but I've been able to access the offending site with FF (and reset my password, that's all I had to do), but still PM cannot enter.
The site is
http://www.comune.milano.it. Then click on "Servizi online" and try to register "Accesso e registrazione" (near top right). The failure occurs here.
The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. (G.B. Shaw)
-
Moonchild
- Pale Moon guru
- Posts: 35637
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Unread post
by Moonchild » 2015-02-23, 17:52
Looks like they need to check and correct their server. I suggest they simply update their web server software to a current version.
https://www.ssllabs.com/ssltest/analyze.html?d=comune.milano.it
Grade given: F
This server is vulnerable to the POODLE attack against TLS servers. Patching required.
This server is vulnerable to MITM attacks because it supports insecure renegotiation.
Main problems for connectivity with Pale Moon:
The server supports only older protocols, but not the current best TLS 1.2.
There is no support for secure renegotiation.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
Lucio Chiappetti
- Astronaut
- Posts: 660
- Joined: 2014-09-01, 15:11
- Location: Milan Italy
Unread post
by Lucio Chiappetti » 2015-02-24, 09:17
Thanks. In a sense I am deluded by the fact they announced an upgrade of their servers and in fact downgraded it to an old unsecure protocol.
I will try to report it hoping that, as a public administration, they are more responsive than the typical ISP in this country.
The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. (G.B. Shaw)