[Bug-gnuzilla] Secure Connection Failed: authenticity of the received data could not be verified

Project:Trisquel
Version:8.0
Component:Packages
Category:bug report
Priority:normal
Assigned:Unassigned
Status:closed
Description

Affected icecat versions

  1. Affected IceCat versions
  2. IceCat 38.5.2 (icecat_38.5.2-gnu1+7.0trisquel1_amd64.deb), but not Firefox ESR 38.5.2. Confirmed by David Hedlund public@beloved.name
  3. IceCat 38.5.0 (icecat_38.5.0-gnu1+7.0trisquel1_amd64.deb), but not Firefox ESR 38.5.0. Confirmed by David Hedlund public@beloved.name
  4. Older versions of Icecat including 38.3.0 (confirmed by Antonio Trande), and 31.2.0 (confirmed by Narcis Garcia) were also affected.

Issues

Example 1

 "Secure Connection Failed

The connection to cve.trust.telia.com was interrupted while the page was loading.

   * The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   * Please contact the website owners to inform them of this problem."

Example 2

  • Cannot download Umeå Energi AB electronic billings from Swedbank internetbank.

Steps to reproduce: You need a Swedbank bank account to do this. Go to https://internetbank.swedbank.se/ ("Private" not "Company"), navigate to "Startsida -> Elektroniska dokument -> Umeå Energi AB -> Visa", this will open the page https://faktura.umeaenergi.se/ with message:

"Secure Connection Failed

The connection to faktura.umeaenergi.se was interrupted while the page was loading.

   * The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   * Please contact the website owners to inform them of this problem."

Troubleshooting (that didn't help)

I will not work for me in a fresh install of Trisquel 7 that I've tried from a USB device.

 References:
 https://directory.fsf.org/wiki/Disable_DHE
 https://weakdh.org/
I decided to set all security.ssl3.dhe settings to true and try it again: 1. Search "security.ssl3.dhe" in about:config. Set all of them to true, which corresponds to these Preference Names:
 security.ssl3.dhe_dss_aes_128_sha
 security.ssl3.dhe_rsa_aes_128_sha
 security.ssl3.dhe_rsa_aes_256_sha
 security.ssl3.dhe_rsa_des_ede3_sha
2. Restart IceCat 3. Ctrl + f5 loads https://cve.trust.telia.com/TeliaElegNG/ correctly but still says "Secure Connection Failed"

Page source

  • Saving the "Secure Connection Failed" page adds "Problem loading page.xhtml" attached in this email.
  • View Page Source for "Secure Connection Failed" pages open a new page which says:

"The connection was interrupted

The connection to was interrupted while the page was loading.

   The site could be temporarily unavailable or too busy. Try again in a few moments.
   If you are unable to load any pages, check your computer's network connection.
   If your computer or network is protected by a firewall or proxy, make sure that IceCat is permitted to access the Web."
Upon investigation, I found out that there are two variants of the message "Secure Connection Failed". The one described in this email is "nssFailure2":

Sat, 01/23/2016 - 18:50

Modify text "31.2.0 (confirmed by Narcis Garcia) were also affected." to "31.2.0 (31.2.0-1+7.0trisquel2, confirmed by Narcis Garcia) was not affected."

Also add "IceCat 38.4.0: compiled Icecat source code from Trisquel repository was neither affected. Confirmed by Antonio Trande."

Wed, 05/30/2018 - 11:48

No problems in icecat 52.3.0-gnu1+8.0trisquel3: Nothing had to be changed to make Telia or Swedbank working (see above example) except that I had to disable LibreJS since it's required by the Swedbank.

Wed, 05/30/2018 - 11:49
Version:7.0» 8.0
Priority:blocking» normal
Status:active» closed