Submitted by David_Hedlund on Sat, 01/23/2016 - 18:28
[Bug-gnuzilla] Secure Connection Failed: authenticity of the received data could not be verified
Project: | Trisquel |
Version: | 8.0 |
Component: | Packages |
Category: | bug report |
Priority: | normal |
Assigned: | Unassigned |
Status: | closed |
Jump to:
Description
Affected icecat versions
- Affected IceCat versions
- IceCat 38.5.2 (icecat_38.5.2-gnu1+7.0trisquel1_amd64.deb), but not Firefox ESR 38.5.2. Confirmed by David Hedlund public@beloved.name
- IceCat 38.5.0 (icecat_38.5.0-gnu1+7.0trisquel1_amd64.deb), but not Firefox ESR 38.5.0. Confirmed by David Hedlund public@beloved.name
- Older versions of Icecat including 38.3.0 (confirmed by Antonio Trande), and 31.2.0 (confirmed by Narcis Garcia) were also affected.
Issues
Example 1
"Secure Connection FailedThe connection to cve.trust.telia.com was interrupted while the page was loading.
* The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. * Please contact the website owners to inform them of this problem."
Example 2
- Cannot download Umeå Energi AB electronic billings from Swedbank internetbank.
Steps to reproduce: You need a Swedbank bank account to do this. Go to https://internetbank.swedbank.se/ ("Private" not "Company"), navigate to "Startsida -> Elektroniska dokument -> Umeå Energi AB -> Visa", this will open the page https://faktura.umeaenergi.se/ with message:
"Secure Connection Failed
The connection to faktura.umeaenergi.se was interrupted while the page was loading.
* The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. * Please contact the website owners to inform them of this problem."
Troubleshooting (that didn't help)
I will not work for me in a fresh install of Trisquel 7 that I've tried from a USB device.
- Followed Ruben's advice (https://www.mail-archive.com/bug-gnuzilla@gnu.org/msg02756.html): "That comes from disabling DHE as a countermeasure for logjam: pref("security.ssl3.dhe_rsa_des_ede3_sha", false); "
- set "security.ssl3.dhe_rsa_des_ede3_sha" to true in about:config
- Closed about:config
- Cleared the cache
- https://cve.trust.telia.com/TeliaElegNG/ still say "Secure Connection Failed""
References: https://directory.fsf.org/wiki/Disable_DHE https://weakdh.org/I decided to set all security.ssl3.dhe settings to true and try it again: 1. Search "security.ssl3.dhe" in about:config. Set all of them to true, which corresponds to these Preference Names:
security.ssl3.dhe_dss_aes_128_sha security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha security.ssl3.dhe_rsa_des_ede3_sha2. Restart IceCat 3. Ctrl + f5 loads https://cve.trust.telia.com/TeliaElegNG/ correctly but still says "Secure Connection Failed"
- Troubleshoot the "Secure Connection Failed" error message - https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
1. Disable hardware acceleration 2. Restart IceCat in a fresh profile, and restart the profile in Safe Mode.
- Edit -> Preferences -> Content -> [unckeck] Block pop-up windows
Page source
- Saving the "Secure Connection Failed" page adds "Problem loading page.xhtml" attached in this email.
- View Page Source for "Secure Connection Failed" pages open a new page which says:
"The connection was interrupted
The connection to was interrupted while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer's network connection. If your computer or network is protected by a firewall or proxy, make sure that IceCat is permitted to access the Web."Upon investigation, I found out that there are two variants of the message "Secure Connection Failed". The one described in this email is "nssFailure2":
Modify text "31.2.0 (confirmed by Narcis Garcia) were also affected." to "31.2.0 (31.2.0-1+7.0trisquel2, confirmed by Narcis Garcia) was not affected."
Also add "IceCat 38.4.0: compiled Icecat source code from Trisquel repository was neither affected. Confirmed by Antonio Trande."
No problems in icecat 52.3.0-gnu1+8.0trisquel3: Nothing had to be changed to make Telia or Swedbank working (see above example) except that I had to disable LibreJS since it's required by the Swedbank.