Ran into a bit of a sticky wicket today. And for reasons that should be
obvious it was a bit difficult to google for a solution, so I backed out
the upgrade. So I'm hoping someone here has seen and fixed this already.
System: CentOS 7, fully updated. After the nss updates in the past day
or so, visiting https://www.google.com with Firefox results in the
following error screen:
Secure Connection Failed
An error occurred during a connection to www.google.com. The server
rejected the handshake because the client downgraded to a lower TLS
version than the server supports. (Error code:
ssl_error_inappropriate_fallback_alert)
The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Alternatively, use the command found in the help menu to report this
broken site.
Ok, so how do I fix this (other than 'yum downgrade nss firefox
nss-sysinit nss-devel nss-tools' which does 'fix' the issue)?
Lamar, Try installing the Firefox 'SSL Version Control' add-on. Had this issue with Fedora 20 and install this add-on and set it to TLS 1.0. Chris On Tue, Dec 9, 2014 at 2:30 PM, Lamar Owen <lowen at pari.edu> wrote:> Ran into a bit of a sticky wicket today. And for reasons that should be > obvious it was a bit difficult to google for a solution, so I backed out > the upgrade. So I'm hoping someone here has seen and fixed this already. > > System: CentOS 7, fully updated. After the nss updates in the past day or > so, visiting https://www.google.com with Firefox results in the following > error screen: > Secure Connection Failed > > An error occurred during a connection to www.google.com. The server > rejected the handshake because the client downgraded to a lower TLS version > than the server supports. (Error code: ssl_error_inappropriate_ > fallback_alert) > > The page you are trying to view cannot be shown because the > authenticity of the received data could not be verified. > Please contact the website owners to inform them of this problem. > Alternatively, use the command found in the help menu to report this broken > site. > > Ok, so how do I fix this (other than 'yum downgrade nss firefox > nss-sysinit nss-devel nss-tools' which does 'fix' the issue)? > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- Chris Stone AxisInternet, Inc. www.axint.net
On 12/09/2014 05:22 PM, Chris Stone wrote:> On Tue, Dec 9, 2014 at 2:30 PM, Lamar Owen <lowen at pari.edu> wrote: > >> Ok, so how do I fix this (other than 'yum downgrade nss firefox >> nss-sysinit nss-devel nss-tools' which does 'fix' the issue)? > Try installing the Firefox 'SSL Version Control' add-on. Had this > issue with Fedora 20 and install this add-on and set it to TLS 1.0.That worked; thanks much, Chris.
On 12/09/2014 03:30 PM, Lamar Owen wrote:> Ran into a bit of a sticky wicket today. And for reasons that should be > obvious it was a bit difficult to google for a solution, so I backed out > the upgrade. So I'm hoping someone here has seen and fixed this already. > > System: CentOS 7, fully updated. After the nss updates in the past day > or so, visiting https://www.google.com with Firefox results in the > following error screen: > Secure Connection Failed > > An error occurred during a connection to www.google.com. The server > rejected the handshake because the client downgraded to a lower TLS > version than the server supports. (Error code: > ssl_error_inappropriate_fallback_alert) > > The page you are trying to view cannot be shown because the > authenticity of the received data could not be verified. > Please contact the website owners to inform them of this problem. > Alternatively, use the command found in the help menu to report this > broken site. > > Ok, so how do I fix this (other than 'yum downgrade nss firefox > nss-sysinit nss-devel nss-tools' which does 'fix' the issue)?Can someone verify this is also an issue on RHEL-7 ... looks like something that needs to be fixed if only older TLS versions are supported. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20141210/5b908a94/attachment.sig>
--On Wednesday, December 10, 2014 09:14:56 AM -0600 Johnny Hughes <johnny at centos.org> wrote:> Can someone verify this is also an issue on RHEL-7 ... looks like > something that needs to be fixed if only older TLS versions are supported.I don't have RHEL7 (*cough*) installed on a desktop yet, but I disabled SSL version control in RHEL6 and didn't see the issue come up. Not quite the data point you're looking for ...