Error code: ssl_error_no_cypher_overlap
Hi, I'm using Firefox 33 right now.
I have used this setting for my Firefox until I got an error for some HTTPS websites:
security.tls.version.max;0
security.tls.version.min;0
It worked very well, but I don't know what happened; it is useless now.
I am getting this error: An error occurred during a connection to www.facebook.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
This error appears on websites like fb and binbox.io and most HTTPS websites.
When I change the setting to security.tls.version.max;0 security.tls.version.min;1, or change the version max to any number like 1 or 2 or 3, it works well!!! But this setting is not working for Facebook!!!
When I restore the settings to defaults, this error appears on https://facebook.com:
An error occurred during a connection to www.facebook.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
I got this error last year, so I solved it by changing security.tls.version.max;3 to security.tls.version.max;0, and I used this setting for 1 year and it worked well.
But now I can't access most HTTPS websites.
What's wrong with Firefox?
My OS is Win8,
and IE has no problem with HTTPS websites.
Help me pls,
and excuse me for my bad English.
All Replies (5)
You may remember that the min/max values correspond to different versions of the SSL/TLS encryption protocol, from older to newer:
0 = SSL v3.0
1 = TLS 1.0
2 = TLS 1.1
3 = TLS 1.2
Nearly all sites in the world will work with TLS 1.0, and many now have upgraded to TLS 1.1 and 1.2 if the browser requests it.
But you may have heard in the news recently about a flaw in SSL v3.0 that is connected to a "POODLE" attack that allows your secure session to be hijacked. Many sites are turning off support for SSL v3.0 to protect their users. As a result, your max setting
security.tls.version.min = 0 (default setting)
security.tls.version.max = 0 (custom setting)
is pretty much obsolete now. To protect yourself from a POODLE attack, I suggest going the other way:
security.tls.version.min = 1 (custom setting)
security.tls.version.max = 3 (default setting)
To get back to your Facebook issue:
(1) Are you using a security filter for your secure connections? You sometimes can identify the filter by visiting the same site in another browser, clicking the padlock icon in the address bar, and viewing the site's secure certificate. The "Issued by" section will list your security software vendor instead of the normal issuing authority. Or it may indicate malware. It's definitely worth checking.
(2) Are you using a proxy connection (e.g., TOR or anonymous VPN service)? Some proxies may not have full support for TLS.
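The version mapping and the two pref combinations from the reply above can be checked mechanically. The following is an added example, not part of the original reply and not Mozilla's code: it parses `user_pref` lines, flags ranges that still allow SSL 3.0, and applies a simplified negotiation model against a server that has disabled SSL 3.0. The function names, the sample prefs text and the server version list are constructed for illustration.

```javascript
// Pref values and their protocol meanings, as listed in the reply above.
const VERSION_NAMES = { 0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2" };

// Parse user_pref("security.tls.version.min|max", N); lines (user.js syntax).
// Unset prefs fall back to the defaults quoted in the thread (min 0, max 3).
function parseTlsPrefs(text) {
  const prefs = { min: 0, max: 3 };
  const re = /user_pref\(\s*"security\.tls\.version\.(min|max)"\s*,\s*(\d+)\s*\)\s*;/g;
  let m;
  while ((m = re.exec(text)) !== null) prefs[m[1]] = Number(m[2]);
  return prefs;
}

// Simplified negotiation model (assumption): the highest version inside the
// client's [min, max] range that the server also supports, or null if none.
function negotiate(prefs, serverVersions) {
  const usable = serverVersions.filter((v) => v >= prefs.min && v <= prefs.max);
  return usable.length ? Math.max(...usable) : null;
}

function auditTlsPrefs(text, serverVersions) {
  const prefs = parseTlsPrefs(text);
  const findings = [];
  if (prefs.min > prefs.max) findings.push("empty range: min is greater than max");
  else {
    if (prefs.min === 0) findings.push("SSL 3.0 can be negotiated (POODLE)");
    if (prefs.max < 3) findings.push("TLS 1.2 is never offered");
  }
  const v = negotiate(prefs, serverVersions);
  return { prefs, findings, negotiated: v === null ? null : VERSION_NAMES[v] };
}

// Constructed sample inputs: the poster's custom settings and the suggested ones.
const POSTER_PREFS = `
user_pref("security.tls.version.min", 0);
user_pref("security.tls.version.max", 0);`;
const SUGGESTED_PREFS = `
user_pref("security.tls.version.min", 1);
user_pref("security.tls.version.max", 3);`;
// Constructed server: SSL 3.0 disabled, TLS 1.0 through 1.2 enabled.
const SERVER_WITHOUT_SSL3 = [1, 2, 3];

for (const [label, text] of [["poster", POSTER_PREFS], ["suggested", SUGGESTED_PREFS]]) {
  console.log(label, JSON.stringify(auditTlsPrefs(text, SERVER_WITHOUT_SSL3)));
}
```

With min 0 and max 0 the model finds no shared version once the server drops SSL 3.0, while min 1 and max 3 negotiates TLS 1.2 with no findings.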
Thanks for your reply.
Are you saying that fb has upgraded its security?
My main problem is my ISP!!! It doesn't allow users to access fb!! I found out that if I change my DNS server I may access fb, so by changing the DNS server I can access fb, but I got a new problem: Error code: ssl_error_rx_record_too_long. I think this error is one of my ISP's traps!! So I had to change max version to 0.
To answer your questions: (1) I am not using a special security filter, just my Bitdefender firewall.
(2) I am not using any VPN or proxy.
I changed my settings to what you suggested:
min 1 max 3
But when I try to access fb, although it connects, this error still exists: Error code: ssl_error_rx_record_too_long
I don't know whether Facebook has dropped support for SSLv3 but if I were them, I would!
If your ISP is blocking Facebook, or secure connections to Facebook, I don't think that can be easily solved from within Firefox. I don't know why the previous workaround worked, maybe they could decrypt and read SSLv3 so they allowed it??
Today I have the same problem with connecting to
Error code: ssl_error_no_cypher_overlap
although I'm using the default setting!!!! max 3 min 0
(My internet connection was so slow, 5 KB I think.)
But after refreshing two times it became OK!!
What about now???
I think this error is not from websites upgrading to TLS 1.1 and 1.2 as you said....
Maybe there was a temporary problem with this server? I don't have an explanation for that.