Ran into a bit of a sticky wicket today. And for reasons that should be obvious it was a bit difficult to google for a solution, so I backed out the upgrade. So I'm hoping someone here has seen and fixed this already.
System: CentOS 7, fully updated. After the nss updates in the past day or so, visiting https://www.google.com with Firefox results in the following error screen: Secure Connection Failed
An error occurred during a connection to www.google.com. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. (Error code: ssl_error_inappropriate_fallback_alert)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Ok, so how do I fix this (other than 'yum downgrade nss firefox nss-sysinit nss-devel nss-tools' which does 'fix' the issue)?
Lamar,
Try installing the Firefox 'SSL Version Control' add-on. Had this issue with Fedora 20 and install this add-on and set it to TLS 1.0.
Chris
On Tue, Dec 9, 2014 at 2:30 PM, Lamar Owen lowen@pari.edu wrote:
Ran into a bit of a sticky wicket today. And for reasons that should be obvious it was a bit difficult to google for a solution, so I backed out the upgrade. So I'm hoping someone here has seen and fixed this already.
System: CentOS 7, fully updated. After the nss updates in the past day or so, visiting https://www.google.com with Firefox results in the following error screen: Secure Connection Failed
An error occurred during a connection to www.google.com. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. (Error code: ssl_error_inappropriate_ fallback_alert)
The page you are trying to view cannot be shown because theauthenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Ok, so how do I fix this (other than 'yum downgrade nss firefox nss-sysinit nss-devel nss-tools' which does 'fix' the issue)?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 12/09/2014 05:22 PM, Chris Stone wrote:
On Tue, Dec 9, 2014 at 2:30 PM, Lamar Owen lowen@pari.edu wrote:
Ok, so how do I fix this (other than 'yum downgrade nss firefox nss-sysinit nss-devel nss-tools' which does 'fix' the issue)?
Try installing the Firefox 'SSL Version Control' add-on. Had this issue with Fedora 20 and install this add-on and set it to TLS 1.0.
That worked; thanks much, Chris.
On 12/09/2014 03:30 PM, Lamar Owen wrote:
Ran into a bit of a sticky wicket today. And for reasons that should be obvious it was a bit difficult to google for a solution, so I backed out the upgrade. So I'm hoping someone here has seen and fixed this already.
System: CentOS 7, fully updated. After the nss updates in the past day or so, visiting https://www.google.com with Firefox results in the following error screen: Secure Connection Failed
An error occurred during a connection to www.google.com. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. (Error code: ssl_error_inappropriate_fallback_alert)
The page you are trying to view cannot be shown because theauthenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Ok, so how do I fix this (other than 'yum downgrade nss firefox nss-sysinit nss-devel nss-tools' which does 'fix' the issue)?
Can someone verify this is also an issue on RHEL-7 ... looks like something that needs to be fixed if only older TLS versions are supported.
--On Wednesday, December 10, 2014 09:14:56 AM -0600 Johnny Hughes johnny@centos.org wrote:
Can someone verify this is also an issue on RHEL-7 ... looks like something that needs to be fixed if only older TLS versions are supported.
I don't have RHEL7 (*cough*) installed on a desktop yet, but I disabled SSL version control in RHEL6 and didn't see the issue come up. Not quite the data point you're looking for ...
-
Chris Stone -
Devin Reade -
Johnny Hughes -
Lamar Owen