TLS error using Firefox on MacBook
I receive a secure connection error from Mozilla Firefox when going to an https site while on my MacBook that does not appear when I am using my Windows computer.
Site address is https://member.myshaklee.com/us/en/login.php?url=http%3A%2F%2Fmember.myshaklee.com%2Fus%2Fen%2F
Please advise how to adjust my macBook settings to cease this error. I must be able to access this site for business purposes.
All Replies (8)
Hi Annieh3
Are you comparing Firefox on Windows against Firefox on Mac?
If so then that's a bug in Firefox.
If you are comparing with Firefox on Mac with another browser on Windows please let us know!
Firefox on Windows versus Firefox on Mac. So I guess I have a bug. What do I do to get that resolved?
That server uses a weak RC4 cipher suite (TLS_RSA_WITH_RC4_128_SHA) and only works when security.tls.unrestricted_rc4_fallback is set to true.
The current Nightly build (Firefox 43a1) default to false for this pref and won't work. In the current release (40) this should still work, but I see an exclamation mark instead of the globe/padlock on the location/address bar.
Can you attach a screenshot to show what error page you get?
- http://en.wikipedia.org/wiki/Screenshot
- https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem
- Use a compressed image type like PNG or JPG to save the screenshot
- Make sure that you do not exceed the maximum size of 1 MB
cor-el moo ko soppali ci
well, it seems to be working now. Will post reply with pic if it pops up again. Many thanks!!
Here is the original error message screenshot
Annieh3 moo ko soppali ci
Today the business website I need to go is loading without error; however, I am experiencing very slow load speeds and stalls on Facebook (also using the Firefox browser on Mac)
Switching to Safari and have no issues.
If I have a bug in my Firefox, what do you recommend?
error message
I get this error page (no_cypher_overlap) when the security.tls.unrestricted_rc4_fallback pref is set to false like I posted above. The server wants to fallback to a weak RC4 cipher suite and this is no longer allowed.
You can look at the security.tls.unrestricted_rc4_fallback pref on the about:config page and if set to false then you would have to toggle its value to true to be able to access this server. Note that this makes you vulnerable and is not recommended as a permanent change. You should contact the website and ask them to upgrade their security.
You can point them to this article:
- https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
- Bug 1138882 - Create a separate a pref to enable unrestricted RC4 fallback.
Interesting readings:
cor-el moo ko soppali ci
Thanks cor-el Why wouldn't this also be happening in Windows if the site was the problem? I use Firefox on both.