Bank site won't load (loads in other browsers FF, IE and Edge).
OS is Windows 10 and PM version is 27.2.0 32bit.
Site is: https://www.myinvestorsbank.com/
Yields:
Secure Connection Failed
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Thanks.
Site won't load - secure connection problem Topic is solved
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only. The main focus here is on Pale Moon on Windows. Please direct your questions that are specific for Linux and Mac to the dedicated boards for those operating systems.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only. The main focus here is on Pale Moon on Windows. Please direct your questions that are specific for Linux and Mac to the dedicated boards for those operating systems.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
Site won't load - secure connection problem
I'm using Pale Moon version 28.1.0 (64-bit) on Windows 10 Home 64-bit.
Re: Site won't load - secure connection problem
I put the url through that ssl site and get this:
https://www.ssllabs.com/ssltest/analyze ... Results=on
https://www.ssllabs.com/ssltest/analyze ... Results=on
I'm using Pale Moon version 28.1.0 (64-bit) on Windows 10 Home 64-bit.
-
Pallid Planetoid
- Knows the dark side
- Posts: 3843
- Joined: 2015-10-06, 16:59
- Location: Los Angeles CA USA
Re: Site won't load - secure connection problem
Pale Moon is getting the following website identification for this bank (which is presumably why the website fails to load in PM):
Other browsers (FF, Chrome, IE etc) are getting the following website identification for this website (which is why the website loads successfully in other browsers):
Why this is the case is the next question to ask....
- circled part is not the same that other browsers get
- What the bank identification should look like and does in other browsers
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD[20GB SSD]
Formerly user Pale Moon Rising - to provide context involving embedded reply threads.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising
Formerly user Pale Moon Rising - to provide context involving embedded reply threads.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising
-
Pallid Planetoid
- Knows the dark side
- Posts: 3843
- Joined: 2015-10-06, 16:59
- Location: Los Angeles CA USA
Re: Site won't load - secure connection problem
Did this banks website load successfully in a previous PM release?tenseys wrote:Bank site won't load (loads in other browsers FF, IE and Edge).
OS is Windows 10 and PM version is 27.2.0 32bit.
Site is: https://www.myinvestorsbank.com/
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD[20GB SSD]
Formerly user Pale Moon Rising - to provide context involving embedded reply threads.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising
Formerly user Pale Moon Rising - to provide context involving embedded reply threads.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising
Re: Site won't load - secure connection problem
Hi.. thanks.
I don't know if it did... I don't remember. I just reinstalled PM after not having used it for a while.
Is there any trick i can do to make it load for me in PM?
I don't know if it did... I don't remember. I just reinstalled PM after not having used it for a while.
Is there any trick i can do to make it load for me in PM?
I'm using Pale Moon version 28.1.0 (64-bit) on Windows 10 Home 64-bit.
Re: Site won't load - secure connection problem
The problem is the following (misconfigured server):
This means the encryption falls back to 3DES; this has been disabled in Pale Moon because of the SWEET32 vulnerability (IE/Firefox and Chrome still accept this weak cipher... for now).
The bank should enable common cipher suites with forward secrecy and disable 3DES to have SSL security as one would expect from a bank.
e.g. elliptic curve key exchange:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) or
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
or if their server does not (yet) support EC, use standard Diffie-Hellman:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) or
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) or
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) or
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)
If DHE isn't supported they can still use standard RSA key exchange:
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) or
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
If you must connect to the bank using weak encryption, you have to do two things in about:config:
Pale Moon doesn't accept the combination of RSA key exchange with AES+SHA256/384 because straight-up RSA key exchange is deprecated and makes no sense to combine with a very strong HMAC (Firefox also doesn't support this, for example; IE and Safari do).TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
This means the encryption falls back to 3DES; this has been disabled in Pale Moon because of the SWEET32 vulnerability (IE/Firefox and Chrome still accept this weak cipher... for now).
The bank should enable common cipher suites with forward secrecy and disable 3DES to have SSL security as one would expect from a bank.
e.g. elliptic curve key exchange:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) or
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
or if their server does not (yet) support EC, use standard Diffie-Hellman:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) or
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) or
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) or
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)
If DHE isn't supported they can still use standard RSA key exchange:
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) or
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
If you must connect to the bank using weak encryption, you have to do two things in about:config:
- Enable 3DES: find security.ssl3.rsa_des_ede3_sha and double-click it to set to true
- Allow unrestricted fallback to weak ciphers for the site: find security.tls.insecure_fallback_hosts and double-click it, then add www.myinvestorsbank.com to that pref
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
Re: Site won't load - secure connection problem
Okay, I'll take a look at that. Thanks Moonchild.
I'm using Pale Moon version 28.1.0 (64-bit) on Windows 10 Home 64-bit.
Re: Site won't load - secure connection problem
I've made sure to update the FAQ about this as well with the security.tls.insecure_fallback_hosts step which is now needed as an extra measure.
(you should contact the bank about this though, they really need to fix it)
(you should contact the bank about this though, they really need to fix it)
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss