UNIQA (uniqa.pl) – secure connection failed

For support with specific websites

Moderator: trava90

Forum rules
Please always mention the name/domain of the website in question in your topic title.
Please one website per topic thread (to help keep things organized). While behavior on different sites might at first glance seem similar, they are not necessarily caused by the same.

Please try to include any relevant output from the Toolkit Error Console or the Developer Tools Web Console using the following procedure:
  1. Clear any current output
  2. Navigate or refresh the page in question
  3. Copy and paste Errors or seemingly relevant Warnings into a single [ code ] block.
User avatar
inrobert
Hobby Astronomer
Hobby Astronomer
Posts: 24
Joined: 2018-04-03, 19:44

UNIQA (uniqa.pl) – secure connection failed

Unread post by inrobert » 2021-07-20, 19:00

UNIQA website (https://uniqa.pl/) not loading at all – showing "secure connection failed" error.

This is big insurance company website.

I'm using Pale Moon 29.3.0 (64-bit) on Windows 10 Home 64-bit. This error occurs since a few months. This website works well on Edge on the same PC.

New Tobin Paradigm

Re: UNIQA (uniqa.pl) – secure connection failed

Unread post by New Tobin Paradigm » 2021-07-20, 19:15

Please follow instructions above.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: UNIQA (uniqa.pl) – secure connection failed

Unread post by Moonchild » 2021-07-20, 20:41

New Tobin Paradigm wrote:
2021-07-20, 19:15
Please follow instructions above.
Won't help if the connection isn't even established.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: UNIQA (uniqa.pl) – secure connection failed

Unread post by Moonchild » 2021-07-20, 20:49

Well, there isn't much to be done except contacting the website owners.
We negotiate TLS 1.3 with them and then the connection gets hung up from the server side.

Of note they use public DH params (and weak ones) which can potentially already be broken meaning any DH suites in use, if negotiated, would not be secure in that case.
This tells me the person who installed the web server likely isn't too well-versed in setting up https.

(also their CSP is insanely huge and allowing just about everything used for tracking an generic Amazon AWS hosts :P might as well not have one if all that is allowed.)
default-src 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://www.uniqa.pl https://*.www.uniqa.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://www.uniqa.pl https://*.www.uniqa.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://*.uniqa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; script-src * 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://www.uniqa.pl https://*.www.uniqa.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://*.uniqa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; style-src 'unsafe-inline' https://fonts.googleapis.com https://druzynamaxa.edge.do https://surfly.io https://maxcdn.bootstrapcdn.com https://*.google.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://*.uniqa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; img-src 'self' https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://www.uniqa.pl https://*.www.uniqa.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://www.uniqa.pl https://*.www.uniqa.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://*.uniqa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com https://*.uniqa.pl data:
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked