Firefox ssl error no cypher overlap error

Question

My co-workers and I are having a problem using Firefox 3 0 6 to access a Java 1 6 0   11 web application we re developing   Everything works fine anywhere from 1-30 minutes into the session   but eventually  the connection fails and the following error appears   Secure Connection Failed   An error occurred during a connection to 10 x x x   Cannot communicate securely with peer  no common encryption algorithm s     Error code  ssl error no cypher overlap   IE works fine   Firefox throws the error in both Windows and Fedora  so the problem doesn t appear to be tied to an OS   The Java EE application runs on a Tomcat 6 0 16 server   All pages are encrypted using TLS 1 0 through an Apache 2 2 8 HTTP server with mod nss   Our Apache server is configured to reject SSL 3 0 connections   One hypothesis we have is that Firefox might be trying to establish a SSL 3 0 connection   but why   Based some Googling  we tried the following things  but without success    using Firefox 2 x  some people reported instances where 2 x worked but 3 x didn t   enabling SSL2 disabling SSL3 disabling OCSP  Tool   Options   Advanced   Encryption   Validation  ensuring that the anti-virus firewall of the client computer isn t blocking or scanning port 443  https port    Any ideas

User · Answer

Error code  ssl error no cypher overlap  error message after login  when Welcome screen expected--using Firefox browser  Solution  Enable support for 40-bit RSA encryption in the Firefox Browser  1  enter  about config  in Browser Address bar 2  find select  security ssl3 rsa rc4 40 md5  3  set boolean to TRUE

User · Answer

I ve had the same problem  to solve was enough to enable all the SSL schemas in  about config   I was finding them by filtering with ssl  First I anabled all options for afret disabling the unnecessary ones

User · Answer

I had the same problem with a really old local router and was not able to open its WebGUI because of self-signed certificates  The solution was to install an old Firefox Portable version  I tested the following versions   Firefox 33 1 1  worked  Firefox 45 0 2  worked  Firefox 56 0 2  failed   This is strange because it should be only a problem since version 59  but as long it works  it s ok for me

User · Answer

If you review the process of SSL negotiation at Wikipedia  you will know that at the beginning ClientHello and ServerHello messages are sent between the browser and the server   Only if the cyphers provided in ClientHello have overlapping items on the server  ServerHello message will contain a cypher that both sides support  Otherwise  SSL connection will not be initiated as there is no common cypher   To resolve the problem  you need to install cyphers  usually at OS level   instead of trying hard on the browser  usually the browser relies on the OS   I am familiar with Windows and IE  but I know little about Linux and Firefox  so I can only point out what s wrong but cannot deliver you a solution

User · Answer

What worked for me is I    Went to about config  Typed  security  in the search box  Set all of the returned entries to their defaults  Typed  ssl  in the search box  Set all of the returned results to their defaults  Enabled ssl2  Disabled ssl3  Restarted Firefox    Note about restarting Firefox  When I do start it very soon after closing it  it often has a file access problem  which requires me to delete places sqlite and places sqlite-journal in C  WINDOWS Application Data Mozilla Firefox Profiles n18091xv default  This causes me to lose my history  plus bookmarks have to be restored from a backup each time this happens  I wait from five to ten minutes or more to avoid this hassle   Running Firefox v3 5 1 on WinMe

User · Answer

I had the same issue while renewing the certificate for our server at www tpsynergy com   After importing the new server certificate and restarting the tomcat  the error we were getting was ERR SSL VERSION OR CIPHER MISMATCH  After lot of research  I used this link https   www sslshopper com certificate-key-matcher html to compare the csr  certificate signing request to the actual certificate   They both did not match  So I created a new csr and obtained a new certificate and installed the same  It worked   So the full steps for the process are   From the same server where the certificate will be installed  create CSR   keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tpsynergy keystore  change the domain name as needed   While creating this  it will ask for first name and last name  Do not give your name  but use the domain name  For example I gave it as www tpsynergy com  2 keytool -certreq -keyalg RSA -alias tomcat -file csr csr -keystore tpsynergy keystore  This will create a csr csr file in the same folder  copy the contents of this to the godaddy site and create the new certificate    The downloaded certificate zip file will have three files gd bundle-g2-g1 crt gdig2 crt youractualcert crt You will need to download the root cert gdroot-g2 crt from godaddy repository  Copy all these files to the same directory from where you created the CSR file and where the keystore file is located  Now run the below commands one by one to import the certs into the keystore  keytool -import -trustcacerts -alias root -file gd bundle-g2-g1 crt -keystore tpsynergy keystore  keytool -import -trustcacerts -alias root2 -file gdroot-g2 crt -keystore tpsynergy keystore  keytool -import -trustcacerts -alias intermediate  -file gdig2 crt -keystore tpsynergy keystore  keytool -import -trustcacerts -alias tomcat  -file yourdomainfile crt -keystore tpsynergy keystore Ensure that server xml file in conf folder has this entry     Restart the tomcat

User · Answer

The first thing I would check is the config for mod nss  It is the odd one out  for it is yours and there is none in the world like it  -   Whereas if there was some huge bug in Firefox or mod nss itself  I guess you d have found out about it by now in your google quest  The fact that you ve fiddled with the config  e g  disabling SSL3  and various other random tweaks   is also suspicious   I d back track to a very vanilla mod nss config and see if that works  Then change things systematically towards your current config until you can reproduce the problem  By the sound of it the source of the error is somewhere in the cipher spec config of mod nss and the related protocol negotiation stuff  So maybe you inadvertently changed something there when trying to turn off SSLv3  incidentally  why disable SSL3  Normally people disable V2     One other thing to check is that you re on the latest mod nss and it s not a known bug in that  The fact that it manages to start the session and then fails later is interesting - it suggests that maybe it is trying to renegotiate the session and failing to negotiate ciphers at that point  So it might be the symmetric ciphers  Or it could simply be an implementation bug in your version of mod nss that somehow garbles the protocol   One other idea  and this is a wild guess  is the browser is trying to resume a session which was negotiated with SSLv3 before you disabled it  and something breaks when trying to resume that session when V3 is turned off  or maybe mod nss just doesn t implement it right   The java tomcat stuff seems like a red herring as unless I ve misunderstood your description  none of that is involved in the SSL handshake protocol

User · Answer

Error code  ssl error no cypher overlap  error message after login  when Welcome screen expected--using Firefox browser Solution 1  enter  about config  in Browser Address bar 2  find select  security ssl3 rsa rc4 40 md5  3  set boolean to TRUE

User · Answer

Under advanced settings of firefox you should be able to set the encryption  By default SSL3 0 and TLS1 0 should be checked  so if firefox is trying to create ssl 3 0 connectons try unchecking the ssl 3 0s setting   if that doesn t work  try searching the about config page for  ssl2  My Firefox has settings with ssl2 set to false by default

User · Answer

I had similar issues browsing to secure sites  https     when using Burp  or at least an issue that would bring you to this page when searching Google     ssl error no cypher overlap in Firefox ERR SSL VERSION OR CIPHER MISMATCH in Chrome   It turned out to be an issue with using Java 8   When I switched to Java 7  the problem stopped

User · Answer

Given what you ve tried and the error messages  I d say this was more to do with the exact cipher algorithm used rather than the TLS SSL version  Are you using a non-Sun JRE by any chance  or a different vendor s security implementation  Try a different JRE OS to test your server if you can  Failing that you might just be able to see what s going on with Wireshark  with a filter of  tcp port    443

User · Answer

If you get the no cipher overlap error on firefox  and you have left it at default settings  you are using what must be a very insecure site trying to use a very weak  export grade  cipher  Use of these ciphers is discouraged these days and I personally would stop using a site trying to use such a weak cipher

[java] Firefox "ssl_error_no_cypher_overlap" error

Examples related to java

Examples related to security

Examples related to apache

Examples related to firefox

Examples related to ssl