More info ssl error cypher overlap. Fixing an error when establishing a secure connection in Mozilla Firefox. What is this SSL error

When trying to connect to a site, the user may receive an ssl_error_no_cypher_overlap error message. In this article, I will tell you what this error code is, explain the reasons for its occurrence, and also tell you how to fix the ssl_error_no_cypher_overlap error on your PC.

What is this SSL error

As can be seen from the wording of the ssl_error_no_cypher_overlap error, this problem occurs when certain sites do not support certain encryption protocols (no_cypher_overlap). Usually we are talking about the use by the site of the SSL version 3.0 protocol (created back in 1996), working with which in our time can most sadly affect the overall security of the connection and the safety of the transmitted data.

Despite the fact that the SSL protocol has survived its further development, objectified in the TLS protocols, some sites still continue to require users to use the legacy SSL. Therefore, the activation and use of SSL on your browser will be done by you at your own peril and risk.

Causes of an error in the browser

As already mentioned, the main reason for the occurrence of the SSL Error error is the use of an outdated protocol by the site, and the activity of virus and antivirus programs that block or modify the network Internet connection can also cause the problem.

At the same time, the error in question is most often fixed on the Mozilla Firefox browser (especially after update No. 34), on other browsers it is extremely rare.

How to fix ssl_error_no_cypher_overlap error

Here is a list of methods to fix the error in question:

1. Restart your computer. This cliche advice sometimes helps;
2. Check your computer for viruses with a reliable antivirus;
3. Try temporarily disabling your antivirus and firewall, and then try to visit the problem site;
4. Use a different browser. Since this error most often occurs on Firefox, changing the browser may fix the problem;
5. Change your Firefox settings. To do this, open a new window in your Mozilla, type about:config in the address bar and hit enter. Confirm your acceptance of the risk, and then enter security.tls.version in the search bar. After receiving results from several values, change the value of the security.tls.version.fallback-limit and security.tls.version.min parameters to 0. After these innovations, try to visit the problem site again, it should load.
6. Disable https. Instruction.

Conclusion

The most common cause of the ssl_error_no_cypher_overlap problem is the obsolete SSL cryptographic protocol that some sites use. If you use Fox, then change the value of some browser settings as indicated above, in other cases, temporarily disabling the antivirus and firewall, as well as changing the browser, can help.

security apache (8)

My colleagues and I are having trouble using Firefox 3.0.6 to access a Java 1.6.0 ___ 11 web application we are developing. Everything works fine from 1 to 30 minutes in the session... but eventually the connection fails and the following error appears:

Secure Connection Failed

An error occurred during a connection to 10.xxx

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

IE works fine. Firefox throws an error on both Windows and Fedora, so the issue is not OS related. The Java EE application is running on a Tomcat 6.0.16 server. All pages are encrypted using TLS 1.0 through an Apache 2.2.8 HTTP server with mod_nss.

Our Apache server is configured to reject SSL 3.0 connections. One hypothesis is that Firefox might be trying to establish an SSL 3.0 connection...but why?

Based on some Googling, we've tried the following things with no success:

using Firefox 2.x (some people have reported cases where 2.x worked but 3.x didn't):

enabling SSL2

disable SSL3

disabling OCSP (Tool > Options > Advanced > Encryption > Validation)

that the client computer's antivirus/firewall is not blocking or scanning port 443 (https port)

Any ideas?

The first thing I would like to check is the config for mod_nss. It's weird because it belongs to you and there is no such thing in the world :-) If you had a huge bug in Firefox or mod_nss, I would assume that you already found out about it in your google quest. The fact that you took advantage of a setting (such as disabling SSL3 and various other random settings) is also suspicious.

I'll go back to tweaking the vanilla mod_nss config and see if that works. Then systematically change the situation to the current configuration until you can reproduce the problem. It sounds like the source of the error is somewhere in the mod_nss encryption configuration and related protocols. So maybe you accidentally changed something there while trying to disable SSLv3 (btw, why disable SSL3? Do people usually disable V2?).

One more thing to check you are on the latest mod_nss and it's not a known bug. An interesting fact is that he manages to start a session and then fails later - this suggests that perhaps he is trying to renegotiate the session and cannot agree on ciphers at that point. Thus, these can be symmetric ciphers. Or it could just be an implementation bug in your version of mod_nss that skews the protocol in some way.

Another idea, and this is a wild guess, is the browser trying to resume a session that was negotiated with SSLv3 before turning it off and something breaks when trying to resume that session when V3 is down, or maybe mod_nss just doesn't do it right .

The java/tomcat stuff looks like a red herring, since if I didn't understand your description, none of it is related to handshake/SSL protocol.

In advanced settings of firefox you can set encryption. By default SSL3.0 and TLS1.0 should be checked, so if firefox tries to build ssl 3.0, try unchecking ssl 3.0s.

if that doesn't work, try looking for the about:config page for "ssl2". My Firefox settings with ssl2 settings are false by default...

If you look at the SSL negotiation process on Wikipedia, you will know that at the beginning, ClientHello and ServerHello messages are sent between the browser and the server.

Only if the ciphers provided in the ClientHello have overlapping elements on the server, the ServerHello message will contain a cypher supported by both sides. Otherwise, the SSL connection will not be initiated because the shared cipher is missing.

To solve this, you need to install cyphers (usually at the OS level), instead of trying to work in the browser (usually the browser uses the OS). I'm familiar with Windows and IE, but I don't know much about Linux and Firefox, so I can only point out what's wrong, but can't provide you with a solution.

I had the same problem; it was enough for the solution to enable all SSL schemes in "about:config". I found them by filtering with ssl. First, I enabled all options to disable unnecessary ones.

"Error: ssl_error_no_cypher_overlap" error message after login when a welcome screen is expected - using Firefox browser. Solution 1: Type "about:config" in browser address bar 2: Search/Select "security.ssl3.rsa_rc4_40_md5" 3: Set boolean to TRUE

Error message "Error code: ssl_error_no_cypher_overlap" after login when a welcome screen is expected - using Firefox browser

Enable support for 40-bit RSA encryption in Firefox browser: 1: type "about:config" in browser address bar 2: search/select "security.ssl3.rsa_rc4_40_md5" 3: set boolean to TRUE

What worked for me, I:

1. Went about: config.
2. Typed "security" in the search box.
3. Set all returned entries to their default values.
4. I typed "ssl" in the search box.
5. Set all returned results to default.
6. SSL2 enabled.
7. Disabled ssl3.
8. Reloaded Firefox.

A note about restarting Firefox: When I start it very soon after closing it, it often has a file access problem that requires me to delete places.sqlite and places.sqlite-journal in C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n18091xv.default. This causes me to lose my history, with the bookmarks always having to be restored from a backup every time this happens. I wait five to ten minutes or more to avoid this hassle.

Running Firefox v3.5.1 on WinMe

I've had issues with similar issues to secure sites (https://) when using Burp (or at least the issue that will take you to this page when searching on Google):

• ssl_error_no_cypher_overlap in Firefox
• ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chrome

This turned out to be a problem when using Java 8. When I switched to Java 7 the problem stopped.

Modern browsers have really effective antivirus capabilities. Even without various third-party programs, they will be able to protect your computer from spyware Trojans. However, it is precisely because of such excessive measures that users receive blocking of reliable Internet pages for no reason. One of these locks is "ssl_error_no_cypher_overlap". Another good site from yesterday (for example, zakupki.gov) suddenly stops loading. This is very common in Firefox and Internet Explorer.

Reasons for the error

From the error itself, you can understand that the SSLv3 protocol is no longer supported, and without this degree of security, the browser cannot make a connection. That is, no one can vouch for your safety, so the best solution is to block your Internet connection.

Error code "ssl_error_no_cypher_overlap" in Mozilla Firefox

The reason is to update the Firefox browser to the latest version, for unknown reasons, from version 34, it starts to get very indignant when suspicious SSL is connected. The browser finds some plugins, scripts and hacked security protocols on the visited resource that can collect information about the user, and blocks access to the website. Another possible problem is an antivirus or a Trojan (browser hijacker) operating on your system.

Fixing a connection error

I will immediately note that we will remove the moment with an infected PC, the user must constantly scan the system with antiviruses and scanners for malware. It fights hijackers well - AdwCleaner, for example.

So, to begin with, we will indicate simple tips for a quick solution:

• Using Firefox, clear all cookies and cache, as well as history.
• Disable for a while the protection of the OS and with it the antivirus screen.
• Use a different browser after uninstalling Firefox and restarting your PC.
• Replace the hosts file with the recommended one from Microsoft. You will find it on the official page of the corporation.

Change Firefox settings

A more difficult option is to change browser settings. You should proceed to its root menu and change a few required items:

• Let's open a new page in Firefox. We register in the search column: about: config

• From several points, we choose only two: security.tls.version.fallback-limit and security.tls.version.min

Keep in mind that by setting zero values, you have made the browser vulnerable, so try to immediately return all values ​​back. And it is desirable for the site administrator to point out the problem.

This in most cases it helps to fix the ssl_error_no_cypher_overlap error code in the browser. But you should take into account a very important point, now you are less protected from malware. Therefore, it is better to think many times whether this site is worth the increase in the risks of infecting your computer with virus programs. It may be easier to change the browser or find another source on the Internet.