hi safoxusr, it is rather unlikely that firefox will show this alert in error. maybe chaseonline.chase.com was redirecting you to another domain during the transaction - can you note the exact domain the next time this happens? also, which security program are you using?

Thanks for the quick reply.

The website was not trying to redirect, I was typing in a secure mail message at the time.

I tried several times to relogin to my account and only got the generic message page about firefox not being able to securely access the site because of SSLv3 issues. During this time I never got past this point trying to login to the site.

During this time I now realize the browser was stuck between versions (34.0.5 and 35). Although I still don't know why 34.0.5 thru up this error when I had been using it for quite a while I was able to resolve the problem by closing and restarting my browser.

In other words I am now able to access the chase website without errors.

This is reason I rarely, if ever, allow software to auto-magically update itself in the background. I will be turning this off and installing updates manually.

Thanks for you comments and feedback!

Sa

Starting Firefox 34.0 the vulnerable SSL 3.0 has been disable and TLS 1.0 is the minimum used by default. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

Do you have Avast? as the https-scanning in Avast can actually make your connection less secure in some case and cause problems like this. So if you have Avast disable the https-scanning in Avast.

I have also been seeing this issue on several sites as well. One was Facebook. After getting the message screen , a refresh took me to the site without further issues. I am using Firefox 35.0.1 and the security software is McAfee. This only started after upgrading to the latest Flash Player release , if that helps.

Deleted - accidental dupe.

Confirmed this is a bug - kind of. Firefox is displaying a misleading error message.

If SSLv3 Protocol support is disabled on the server commonly the SSLv3 cipher suite is removed as well. The SSLv3 cipher suite also happens to be the TLSv1 cipher suite.

I encountered this bug on a web server that was configured to only use TLSv1.2, with no SSLv3 ciphers supported.

The cipherlist on the server at the time of the error:

openssl ciphers -v 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4-SHA:RC4-MD5:RC4+RSA:RC4:+HIGH:!MD5:!aNULL:!EDH:!MEDIUM:!EXP:!LOW:!eNULL:!ADH:!SSLv2'

ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD

The protocol list at the time of the error:

SSLProtocol -ALL -SSLv2 -SSLv3 -TLSv1 +TLSv1.2

ssllabs also confirmed the only offered protocol was TLSv1.2 - and this stopped Firefox in its tracks.

This is fine, Firefox couldn't fall back to a TLSv1/1.1 cipher, but the error message claiming that it was the servers fault and that the server was configured to provide SSLv3 was extremely... annoying.

The fix for this was to alter the cipher suite in use on the server to include the SSLv3 ciphers. SSLv3 the protocol is still disabled, but at least now Firefox 35 can successfully fall back to a TLSv1/1.1 cipher.

Cipher suite for those google wanderers looking for a fix for this:

ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4-SHA:RC4-MD5:RC4+RSA:RC4:SSLv3:+HIGH:!MD5:!aNULL:!EDH:!MEDIUM:!EXP:!LOW:!eNULL:!ADH:!SSLv2

So it was an error, but the bug is the fact that Firefox is displaying the wrong error message.