This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Error code: ssl_error_no_cypher_overlap

more options

hi i'm using firefox 33 right now

i have used thise setting for my firefox till i get an error for some https websites

security.tls.version.max;0 security.tls.version.min;0

it worked very well, but i dont know what happend it is useless now

i am getting thise error An error occurred during a connection to www.facebook.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

thise error appears on website like fb and binbox.io and most https website

when i change the setting to security.tls.version.max;0 security.tls.version.min;1 or changeing the version max to any number like 1 or 2 or 3 it works well !!! but thise setting is not working for facebook !!!

when i restore the setting to defaults thise error appears on https://facebook.com

An error occurred during a connection to www.facebook.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

i got thise error last year so i solved it by changeing security.tls.version.max;3 to security.tls.version.max;0 and used thise setting for 1 year and worked well

but now i cant access most https websites

whats wrong with firefox ?

my os is win8

and ei has no problem with https websites

help me pls

and excuse me for my bad english

hi i'm using firefox 33 right now i have used thise setting for my firefox till i get an error for some https websites security.tls.version.max;0 security.tls.version.min;0 it worked very well, but i dont know what happend it is useless now i am getting thise error An error occurred during a connection to www.facebook.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap) thise error appears on website like fb and binbox.io and most https website when i change the setting to security.tls.version.max;0 security.tls.version.min;1 or changeing the version max to any number like 1 or 2 or 3 it works well !!! but thise setting is not working for facebook !!! when i restore the setting to defaults thise error appears on https://facebook.com An error occurred during a connection to www.facebook.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) i got thise error last year so i solved it by changeing security.tls.version.max;3 to security.tls.version.max;0 and used thise setting for 1 year and worked well but now i cant access most https websites whats wrong with firefox ? my os is win8 and ei has no problem with https websites help me pls and excuse me for my bad english

All Replies (5)

more options

You may remember that the min/max values correspond to different versions of the SSL/TLS encryption protocol, from older to newer:

0 = SSL v3.0 1 = TLS 1.0 2 = TLS 1.1 3 = TLS 1.2

Nearly all sites in the world will work with TLS 1.0, and many now have upgraded to TLS 1.1 and 1.2 if the browser requests it.

But you may have heard in the news recently about a flaw in SSL v3.0 that is connected to a "POODLE" attack that allows your secure session to be hijacked. Many sites are turning off support for SSL v3.0 to protect their users. As a result, your max setting

security.tls.version.min = 0 (default setting)
security.tls.version.max = 0 (custom setting)

is pretty much obsolete now. To protect yourself from a POODLE attack, I suggest going the other way:

security.tls.version.min = 1 (custom setting)
security.tls.version.max = 3 (default setting)

To get back to your Facebook issue:

(1) Are you using a security filter for your secure connections? You sometimes can identify the filter by visiting the same site in another browser, clicking the padlock icon in the address bar, and viewing the site's secure certificate. The "Issued by" section will list your security software vendor instead of the normal issuing authority. Or it may indicate malware. It's definitely worth checking.

(2) Are you using a proxy connection (e.g., TOR or anonymous VPN service)? Some proxies may not have full support for TLS.

more options

thanks for your replay

are you saying that fb has upgraded its security ?

my main problem is my ISP !!! it doesn't allow users to access the fb !! i found out if i change my dns server i may access the fb so by changeing the dns server i can access the fb but i got a new problem Error code: ssl_error_rx_record_too_long i think this error is one of my ISP traps!! so i had to change max version to 0

to answer your questions (1) I am not using special security filter just my bitdefender firewall

(2) i am not using any vpn or proxy

i change my setting to what you suggested

min 1 max 3

but when i try to access fb although it connectes but thise error still exist Error code: ssl_error_rx_record_too_long

Modified by ferarri

more options

I don't know whether Facebook has dropped support for SSLv3 but if I were them, I would!

If your ISP is blocking Facebook, or secure connections to Facebook, I don't think that can be easily solved from within Firefox. I don't know why the previous workaround worked, maybe they could decrypt and read SSLv3 so they allowed it??

more options

today i have same problem with connecting to

https://support.mozilla.org

Error code: ssl_error_no_cypher_overlap

although I'm using the default setting !!!! max 3 min 0

(my internet connection was so slow, 5 KB i think)

but after two times refresh it becomes ok !!

what about now ???

i think this error is not from websites upgrading to TLS 1.1 and 1.2 as you said....

Modified by ferarri

more options

Maybe there was a temporary problem with this server? I don't have an explanation for that.