This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

After updating to 36.0.1 this morning my online banking website for Intelligent Finance is no longer secure: https://my.if.com/Security/Auth/Logon

  • 9 replies
  • 4 have this problem
  • 8 views
  • Paskiausią atsakymą parašė philipp

more options

Always had the green padlock until this update. When I click on the orange triangle it tells me: “Connection partially encrypted. Parts of the page you are viewing are not encrypted or the encryption is not strong enough before being transmitted over the internet. Information sent over the internet without encryption can be seen by other people while it is in transit.” Yet when I open the same page in Internet Explorer there’s a gold padlock which states “ fully encrypted” when clicked and certificate issued by VeriSign. Can others please confirm that that they also cannot access the fully encrypted page on https://my.if.com/Security/Auth/Logon via Firefox 36.0.1 so that I can be sure the problem solely relates to this latest Firefox version? If so, is there any solution other than to use I.E. and hope the next update fixes the bug?

Always had the green padlock until this update. When I click on the orange triangle it tells me: “Connection partially encrypted. Parts of the page you are viewing are not encrypted or the encryption is not strong enough before being transmitted over the internet. Information sent over the internet without encryption can be seen by other people while it is in transit.” Yet when I open the same page in Internet Explorer there’s a gold padlock which states “ fully encrypted” when clicked and certificate issued by VeriSign. Can others please confirm that that they also cannot access the fully encrypted page on https://my.if.com/Security/Auth/Logon via Firefox 36.0.1 so that I can be sure the problem solely relates to this latest Firefox version? If so, is there any solution other than to use I.E. and hope the next update fixes the bug?

All Replies (9)

more options

In Firefox 36.0, there is a gray triangle with an exclamation point; I don't have 36.0.1 on this PC yet.

Google Chrome's connection description (attached) probably identifies the problem: the server uses an older RC4 cipher that is no longer considered secure in Firefox 36.0 and higher, so you get the triangle instead of the padlock.

I'm not sure when (?!) Firefox will have better explanations for this issue in the user interface: it's definitely hard to distinguish from other reasons for that icon.

more options

Firefox use this cipher for me: TLS_RSA_WITH_RC4_128_MD5 If I disable security.ssl3.rsa_rc4_128_md5 then I get this error:

An error occurred during a connection to my.if.com. SSL peer rejected a handshake message for unacceptable content. (Error code: ssl_error_illegal_parameter_alert)

So it looks that the server really needs to update its software and install support for more up to date ciphers.

more options

Thanks to both of the helpful explanations. So it's not Firefox at fault, but the bank's software. That really is disgraceful that a UK bank, ultimately owned by Lloyds banking group, is potentially exposing customers bank accounts by using obsolete insecure cryptography. I supose my only resource is to complain and bring this to the attentiom of Intelligent Finance bank?

To cor-el, How does one disable security.ssl3.rsa_rc4_128_md5?

more options

Type about:config in the Location Bar and hit Enter. accept the warning message

Paste security.ssl3.rsa_rc4_128_md5 in the Search field at the top.

Then double-click that one pref below where it says Preference Name - Status - Type - Value to toggle that pref to false. Then close / restart Firefox.

more options

Thank you, the-edmeister. At least I now know the culprit is my bank's servers and not the Firefox update. How much risk, in reality, do people think I'm taking if I continue to login online to the bank with it's current encryption? I do need to access my accounts on a regular basis. I suppose using I.E. wouldn't be any more secure than using Firefox, just because I.E. hasn't yet identified the obsolete cryptography?

more options

Firefox still uses the HTTPS protocol to connect to the server. Only the cipher suite that is used is no longer considered strong enough and that is why you won't see the padlock. As long as Firefox or you do not disable this cipher suite then you will still be able to connect to servers. All websites that use weak ciphers will have to update their software.

more options

cor-el said

As long as Firefox or you do not disable this cipher suite then you will still be able to connect to servers. All websites that use weak ciphers will have to update their software.

So you think there's very little risk of any traffic between my computer and the Intelligent Finance website being read by anyone in transit, even with the server's weak encryption?

more options

I've tried all of these recommendations and none of them help. I still get a triangle with an exclamation mark instead of a padlock. Here are some screenshots of the error::

http://www.silkblooms.co.uk/images/prototypes/ssl3.jpg http://www.silkblooms.co.uk/images/prototypes/ssl2.jpg http://www.silkblooms.co.uk/images/prototypes/ssl1.jpg

The SSL certificate is modern, up-to-date with the latest technology and I have no proxy settings in the tools>options>advanced>Network>connection>settings area (so it's not that).

Can anyone help me diagnose the issue on my own website in particular?

Thanks in advance for any help or advice you can offer.

more options

@silkblooms, let's continue the discussion in the thread that you have created at https://support.mozilla.org/en-US/questions/1051000