Why don't you wait until web sites upgrade to the latest SSL before you start blocking SSLv3?

  • 1 reply
  • 12 have this problem
  • 3 views
  • Last reply by cor-el

Windows 8.1, Firefox 33.1.1. First of all: Why doesn't Firefox wait for sites to upgrade beyond SSLv3 before you start blocking sites? The main pain is logging into https PayPal! Why doesn't Mozilla upgrade their SSL so I can log on there without going to IE11? All of these give me:

This Connection is Untrusted

You have asked Firefox to connect securely to www.paypal.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

www.paypal.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

All Replies (1)

A website like paypal.com should work with SSL3 disabled, so something else should be wrong.

Start Firefox in Safe Mode to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.

  • Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance
  • Do NOT click the Reset button on the Safe Mode start window

Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

Check out why the site is untrusted and click "Technical Details" to expand this section. If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.

You can see more Details like intermediate certificates that are used in the Details pane.

If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".

  • Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
  • Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.
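
The checks from the reply above (system clock, certificate issuer, intercepting programs), as an added example that is not part of the original answer: a Python triage over a certificate's decoded fields in the dict format of `ssl.SSLSocket.getpeercert()`. The function names, result labels and sample certificates are constructed for illustration.

```python
import ssl

# Programs the reply names as local interceptors, matched against the issuer name.
INTERCEPTOR_HINTS = ("fiddlerroot", "sendori")

def flatten_name(name):
    """Flatten getpeercert()'s nested RDN tuples into {field: value}."""
    return {key: value for rdn in name for key, value in rdn}

def triage(cert, now):
    """List likely causes of an untrusted-certificate error.

    cert: dict shaped like ssl.SSLSocket.getpeercert() output
    now:  the local clock, in seconds since the epoch
    """
    findings = []
    # A wrong system clock makes a good certificate look outside its validity window.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("clock-before-validity")
    elif now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired-or-clock-ahead")

    subject, issuer = flatten_name(cert["subject"]), flatten_name(cert["issuer"])
    issuer_text = " ".join(issuer.values()).lower()
    if any(hint in issuer_text for hint in INTERCEPTOR_HINTS):
        findings.append("local-interception")   # a proxy re-signed the connection
    elif subject == issuer:
        findings.append("self-signed")
    else:
        findings.append("check-intermediate")   # issuer named, chain not supplied
    return findings

def sample_cert(subject_cn, issuer_cn):
    """Build a constructed sample certificate dict (not real certificate data)."""
    return {
        "subject": ((("commonName", subject_cn),),),
        "issuer": ((("commonName", issuer_cn),),),
        "notBefore": "Jan 15 00:00:00 2014 GMT",
        "notAfter": "Jan 15 00:00:00 2016 GMT",
    }

# Constructed samples; the issuer names are illustrative.
SAMPLE_INTERCEPTED = sample_cert("www.paypal.com", "DO_NOT_TRUST_FiddlerRoot")
SAMPLE_NO_CHAIN = sample_cert("www.paypal.com", "Example Intermediate CA")
NOW = ssl.cert_time_to_seconds("Dec 01 00:00:00 2014 GMT")
CLOCK_RESET = ssl.cert_time_to_seconds("Jan 01 00:00:00 2001 GMT")

if __name__ == "__main__":
    for sample in (SAMPLE_INTERCEPTED, SAMPLE_NO_CHAIN):
        print(flatten_name(sample["issuer"])["commonName"], triage(sample, NOW))
```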