為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Getting "Secured Connection Failed" error message on a website that always worked previously

  • 12 回覆
  • 11 有這個問題
  • 1 次檢視
  • 最近回覆由 Cnick

more options

Displays error: The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.

Site could always be accessed previously and can be accessed using Chrome and IE

Displays error: The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Site could always be accessed previously and can be accessed using Chrome and IE

所有回覆 (12)

more options

Can you post a link to a publicly accessible page (i.e. no authentication or signing on required)?

It is possible that the website uses a deprecated RC4 cipher suite.

In Firefox 36 you could bypass this, but this is no longer possible in Firefox 37.

This is now a standard and already implemented in Firefox and other browsers will likely follow.

more options

Does this mean that there is no solution to the problem since it can no longer be bypassed? The website is for Merrick Bank- you would think that a large number of people would need to access it on a daily basis.

more options

I don't know what they use. The URL is teradatanet.teradata.com.

more options

You can lower security and allow to fallback to TLS 1.0 to see if that works on this website.

  • security.tls.version.fallback-limit = 1

Be aware of the security risks involved with changing this and reset the pref when you are done with this website.

more options

Okay, where do I set security.tls.version.fallback-limit? I tried application.ini but that doesn't appear to have any real meaning....

more options

Does your login link look like this: https://login.merrickbank.com/

The site uses TLS 1.0 (an older version of SSL), which Firefox 37 views as obsolete. This is a change from Firefox 36.

Weirdly, if I click forgot password, a different server is used with a newer, more trustworthy secure certificate (green lock): https://logon.merrickbank.com/LogOnRegister/ForgotPasswordExAlt

And the login form on the "obsolete" page submits to that newer server. Confusing! They really should update this...

You can make a site-specific exception for the problem server:

Here's how:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those. In this case: login.merrickbank.com

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

When you reload that site, Firefox 37 should show the page the same was as Firefox 36.

more options

That did not seem to change anything. Maybe it's a different issue? I also noticed in about:config that security.tls.insecure_fallback_hosts.use_static_list is "true" - I guess that's proper.

I wish I could try forgetting the password but I don't get that far - the login page does not even come up. BTW, this is not the merrick site, and I don't know how you got that impression. As I said earlier it's teradatanet.teradata.com.

more options

Hi GJColeman78, I see the confusion: you joined someone else's thread and your question actually is over here: https://support.mozilla.org/questions/1056008

So I'll post a reply for you in the other thread to relieve the poster here of having to read more of our discussion about this other site.

more options

Oh! Thanks. I apologize for confusing things!

more options

There is a built-in static list that can be disabled by setting security.tls.insecure_fallback_hosts.use_static_list to false.


  • Bug 1114816 - Add a whitelist for domains that require non-secure TLS version fallback
  • Bug 1128227 - Add a static TLS insecure fallback whitelist

Firefox 39 and later will also have pref for RC4.

  • Bug 1138882 - Create a separate a pref to enable unrestricted RC4 fallback
more options

Changing that preference in about:config worked like a charm. Thanks for the help...

more options

Many thanks to cor-el & jscher2000 for their solutions. I had posted in March when the previous version of FF degraded the SSL certificate of my online bank (Intelligent Finance): https://support.mozilla.org/en-US/questions/1050629.

Comments there warned me that newer versions of FF would soon block access to my bank completely and that is exactly what has happened with the update to 37.0.1. I was getting the same "secure connection failed" message as the the one displayed by merrickbank. IE is still working for now but I was beginning to panic about losing access to my online bank accounts. I reported/complained to the bank last month about their weak encryption and they assured me the matter is being looked into, but still out of my hands.

Changing fallback to TLS 1 worked fine but making my.if.com a specific exception for the server also gave me back access to my bank and is probably the safer permanent solution until the bank sorts out their systems. Interesting that Intelligent Finance is not the only financial website still using weak & obsolete encryption.