On Wed, 27 Mar 2019 14:47:41 -0000
"Enrique Artal" <enriqueartal(a)gmail.com> wrote:
Hi,
I have a problem with firefox trying to connect to a page of my
university (address below). This is the error message: Secure
Connection Failed
An error occurred during a connection to rrhh.unizar.es. Cannot
communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified. Please
contact the website owners to inform them of this problem.
It also occurs with seamonkey but it works without problems with
chrome and chromium. Other colleagues with other linux systems do not
have this issue. Other colleague installed fedora in a virtual
machine and had the same problem. Best, Enrique.
There has been a discussion on the devel list about making obsolete
compromised algorithms in libssl2(?). IIRC, it was agreed to do this,
but only using a switch that would default to off, and only in rawhide.
What version of Fedora are you using? It seems that you have this
switch set to on, and your university is using an insecure encryption
algorithm. The people for whom login works have set their machines to
allow the insecure algorithm.
Since it is only occurring with mozilla products, it is possible that
mozilla unilaterally disabled these insecure protocols in their latest
offerings. Alternatively, Fedora might have enabled it for the version
you are using, either because I was wrong in my recollection, or in
error.
Here's a page that explains how to make your firefox browser less
secure, so you can log in. It is old, but should still work if it is
the browser causing the problem, rather than Fedora.
https://www.ryananddebi.com/2014/12/10/bypassing-the-ssl_error_no_cypher_...
For what it is worth, I can get to the login page at that address using
nightly, the development version of firefox. I must be allowing
insecure protocols on my system (Fedora 28). The first three settings
on the about:config page in nightly for security.tls.version are 4, 4,
1.