SSL_ERROR_NO_CYPHER_OVERLAP only in private mode
I encountered this weird case, when a certain web page works in regular mode, but not in private browsing.
The error in private mode is:
Secure Connection Failed
An error occurred during a connection to a.private.server.com:8443. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
All Replies (8)
I suspect it might be due to missing client certificate*. Firefox in Private mode does not ask for it (i have several certificates installed).
"star" - in which case the error is very misleading (which is apparently an unwritten rule in X.509 land...)
Ti ṣàtúnṣe
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
Websites don't load - troubleshoot and fix error messages
http://kb.mozillazine.org/Error_loading_websites
What do the security warning codes mean
SSL_ERROR_NO_CYPHER_OVERLAP
Your server apparently doesn't offer any cipher suites necessary to establish a
secure https connection that are supported in Firefox. You can check what kind
of cipher suites Firefox can make use of by visiting;
https://www.ssllabs.com/ssltest/viewMyClient.html
Firefox will just show the SSL_ERROR_NO_CYPHER_OVERLAP error when encountered any site using the RC4 cipher.
Hi xerces9,
Your system details show that your participating in Firefox Studies and I see this extension installed :
"ETP Search Volume Study 1.2"
It might have something to do with it .... (just a thought, though)
Also see :
https://github.com/mozilla/etp-search-volume-study
And this bug report :
https://bugzilla.mozilla.org/show_bug.cgi?id=1532678
You could disable the extension (for now) as a test .....
(edit : typo ... )
Ti ṣàtúnṣe
FredMcD said
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.
Why would this only be a problem in private mode and not in normal mode?
That I don't know.
I did some testing and it seems to be a bug. see https://bugzilla.mozilla.org/show_bug.cgi?id=1554152
Good work. Hopefully, they can sort it out.
See also:
- Bug 1362079 - Display a more helpful error when a SSL handshake fails due to a client certificate