Ryan and Debi & Toren

bypassing the “ssl_error_no_cypher_overlap” error in Firefox 34

Posted on December 10, 2014

Generally speaking, it’s a bad idea to override security protocols browsers have instituted as they are designed to keep you safe on the internet (in the “less likely to be hacked” sense). However, with a recent update to Firefox 34, a website I use all the time for my research that is run by my university was no longer allowing me to log in. Instead, I was receiving this message:

ssl1

Since I know the website is safe (I’ve used it thousands of times over the last seven years), I needed to bypass this security protocol in Firefox.  After some googling for solutions, I found one, but it wasn’t very clear.  So, here’s what I did with screen captures for assistance…

1) Open a new tab in Firefox and type “about:config” in the URL bar (without the quotes, of course):

ssl3

2) You’re likely to get another warning message saying “This might void your warranty!” (see screen capture below). Firefox is trying to keep you from making changes to the underlying settings of the browser. Promise to be careful and move on:

ssl2

3) Once you click on the “I promise to be careful” button, you’ll see a search box and a huge list of settings:

ssl4

4) In the search bar, enter the following (without the quotes): “security.tls.version.”:

ssl6

5) You’re going to change two of those settings.  First, right-click on the setting “security.tls.version.fallback-limit” and select modify.  You’re going to change the “1” to “0”.  Then do the same thing with “security.tls.version.min”, changing the “1” to “0”.  You should now see the following:

ssl5

6) Now try loading the page that was giving you the security warning. It should load.

NOTE: Keep in mind, you have now made your browser less secure.  Really what you should do is contact the administrator of the website that isn’t loading and tell them that they need to update their security on the website so you don’t have to expose yourself to greater security risks.  But, if this is an essential website for you to use in the meantime, this should get you around the issue.
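An added example, not part of the original post: a small Python audit that parses a Firefox profile's prefs.js and reports whether the two settings from step 5 are still at 0. It goes beyond step 5 by also flagging the security.tls.insecure_fallback_hosts and security.tls.unrestricted_rc4_fallback prefs that come up in the comments. The sample prefs content and its host name are constructed, and the path to prefs.js is whatever your profile uses.

```python
import re
import sys

# One line of prefs.js / user.js: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample: a profile left in the state step 5 produces, plus one
# per-host exception (hypothetical host name).
SAMPLE = '''\
// constructed sample prefs.js
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.tls.version.min", 0);
user_pref("security.tls.version.fallback-limit", 0);
user_pref("security.tls.insecure_fallback_hosts", "legacy.example.edu");
'''

def parse_prefs(text):
    """Return {pref name: value}, decoding values to bool, int or str."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or blank line
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs):
    """Return (pref, value, reason) for each setting that weakens TLS."""
    findings = []
    for name in ("security.tls.version.min",
                 "security.tls.version.fallback-limit"):
        value = prefs.get(name)
        # 0 = SSL 3.0, 1 = TLS 1.0; type() check keeps False from matching 0
        if type(value) is int and value == 0:
            findings.append((name, value, "SSL 3.0 permitted"))
    hosts = prefs.get("security.tls.insecure_fallback_hosts")
    if isinstance(hosts, str) and hosts.strip():
        findings.append(("security.tls.insecure_fallback_hosts", hosts,
                         "insecure fallback allowed for these hosts"))
    if prefs.get("security.tls.unrestricted_rc4_fallback") is True:
        findings.append(("security.tls.unrestricted_rc4_fallback", True,
                         "unrestricted RC4 fallback enabled"))
    return findings

if __name__ == "__main__":
    # Pass the path to a profile's prefs.js, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for name, value, reason in audit(parse_prefs(text)):
        print(f"{name} = {value!r}: {reason}")
```

An empty result means none of these prefs is currently set to a weakened value in that profile.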


70 thoughts on “bypassing the “ssl_error_no_cypher_overlap” error in Firefox 34”

  1. Daniel Fischer says:
    December 12, 2014 at 9:50 pm

    Sadly, even this didn’t help – could you please check whether *your* Firefox can access after the fix you describe? (An older Opera version has no problems with that site.)

    Thanks!

    1. ryan says:
      December 13, 2014 at 11:35 am

      Hi Daniel,

      You’re correct. That site is still not loading even with the changes in place. Not sure why it isn’t working. My only suggestion would be to try adjusting some of the other SSL settings (in the about:config window of Firefox, type “security.ssl” and you’ll be able to see about 20 different options that you could modify to see if they allow you to access that site). If you figure it out, please come back and post here to let us know what worked.

    2. June Myklebust says:
      January 29, 2016 at 12:07 am

      The first setting that was said to change from 1 to 0 on my PC was at 3. Changing to 0 did not work, but changing it to 1 {from 3} worked.

      1. Adam says:
        February 8, 2016 at 2:01 pm

        Thank you that worked for me.

      2. Pedro Sá says:
        February 29, 2016 at 10:25 am

        This worked for me too. Thank you very much!

  2. G. Koelman says:
    December 13, 2014 at 10:23 am

    In Windows 10 it was not possible to log in to https://“remote draytek router”:443.
    This solution fixed the job.

    1. John says:
      January 28, 2015 at 5:21 am

      Had the same issue accessing our Draytek on 8.1. Once again, this solution fixed the problem on Firefox. Very many thanks!

  3. Alex says:
    December 19, 2014 at 5:43 am

    thnx man!

  4. Nik says:
    January 2, 2015 at 8:53 pm

    Problem is that – after a look at the traffic via Wireshark – FF34 still sends “SSL 3.0 Client Hello” (Version: SSL 3.0 (0x0300)) while the server then responds with a “Level: Fatal – Handshake Failure”, and FF just displays the erroneous message about “Firefox cannot guarantee the safety of your data on localhost because it uses SSLv3, a broken security protocol.”, which is completely rubbish. This is clearly a bug in FF.

  5. Phil says:
    January 3, 2015 at 9:07 pm

    Thanks Man!

  6. Bob Farrow says:
    January 10, 2015 at 5:20 am

    Thank you for diagnosing this problem and having the patience and kindness to publish it.

  7. Paul says:
    January 21, 2015 at 7:11 am

    Thank you for the instructions, this worked.

  8. Aldo says:
    February 1, 2015 at 5:33 am

    The procedure described here works perfectly for my case: I had a configuration page for a server with limited possibilities to manage certificates (only a self-signed certificate was available) that was no longer working after latest updates of firefox and chrome. Now it works again.

    Thanks a lot!
    Aldo

  9. Trepa says:
    February 23, 2015 at 9:51 am

    You can globally re-enable connecting to ssl by going into about:config
    search for the preference named security.tls.version.min. double-click it, change its value to 0 and restart the browser.

  10. P S Kundu says:
    March 13, 2015 at 7:54 am

    (Error code: ssl_error_no_cypher_overlap) how to overcome?

  11. Haakon says:
    March 26, 2015 at 8:13 am

    Thanks a lot, this helped me log in to our old unsecure UPS adminpage 🙂

  12. Rajesh says:
    April 6, 2015 at 2:15 am

    Thanks a lot

  13. Anna says:
    April 6, 2015 at 9:16 am

    Worked Thank u

  14. ark says:
    April 8, 2015 at 3:37 pm

    Thank you, perfect. It worked

    1. bill says:
      April 9, 2015 at 12:45 pm

      I used Internet Explorer to access the site that Firefox would not let me access due to the error code and had no problem.

  15. Ed says:
    April 10, 2015 at 5:12 pm

    Thanks — I just ran into this problem and your fix worked.

  16. Anil says:
    April 13, 2015 at 1:21 am

    thanks bro

  17. Funkyy says:
    April 13, 2015 at 11:42 pm

    Thanks a million for the solution. I had been trying all day to enter a page of the Tax Dept and kept getting the error message. I tried your solution and it worked first time. I also reset the changes back to normal afterwards. Thanks again, this was very important for me.

  18. bill@srnm.net says:
    April 16, 2015 at 8:00 pm

    Great! I have tried several fixes with no luck. This one worked. Thank you!

  19. Rob says:
    April 23, 2015 at 11:26 pm

    Thanks, this worked, but:
    “Really what you should do is contact the administrator of the website that isn’t loading and tell them that they need to update their security on the website so you don’t have to expose yourself to greater security risks.”

    Can someone tell American Airlines that?

  20. Harry Gebel says:
    May 1, 2015 at 6:41 pm

    Ryan, you say you know the website is safe, but in fact it is not. It is still using SSL v3.0, which is a vulnerability not just for you but for the website as well. The only way to make it safe is to convince the administrators to stop allowing SSL v3.0, not to bypass the browser’s protections. The fact that you know the website operators have no bad intentions is not relevant, as this vulnerability can be exploited without the cooperation of the website administrators, or even of anyone connected with the website. If you do have to access the website, please turn the protections back on when you are finished.

  21. ryan says:
    May 27, 2015 at 1:23 pm

    Alas, I don’t. The reason why I figured it out on Firefox was because I couldn’t figure it out on Chrome. Do you really need to use Chrome on that website? If so, another option would be to use an older version of Chrome. You could set up a virtual machine using something like Virtual Box and install an older version of Chrome on that. That would get around it if you really need to. Not sure what to tell you with the latest versions other than to tell the website host to update their site.

  22. Vulk says:
    May 27, 2015 at 10:44 am

    This worked perfectly on firefox.

    However, I’m having the exact same problem in Google Chrome but it presents itself as a timeout limit error. I have uninstalled/reinstalled, restarted, and even performed a system restore and the problem persists on Chrome for the same website with https which now works on Firefox due to your fix.

    Do you have any suggestions to make this fix on Chrome? I would appreciate it.

  23. Rick says:
    May 28, 2015 at 11:03 pm

    Thank you for publishing this. It fixed my problem accessing a local utility site.

  24. vegesoft says:
    June 4, 2015 at 6:10 pm

    Excellent, it worked for me for the following URL “

  25. Lucy says:
    June 10, 2015 at 1:44 pm

    This is bad advice. You should add the domains you want to bypass to this about:config entry: security.tls.insecure_fallback_hosts

    Separate them by commas. See the solution here – https://support.mozilla.org/en-US/questions/1058193#answer-719770

    This allows you to *only* bypass the security for sites you trust/must access. Not for everything.

    1. ashraf nalakath says:
      August 17, 2016 at 1:15 am

      this is working fine for me

    2. Havs says:
      October 17, 2016 at 3:41 pm

      THANK YOU! THANK YOU! THANK YOU! This did the trick to reach my Juniper SSGs.

    3. Claudia Lertora says:
      December 7, 2016 at 7:20 am

      Thanks very much Lucy! 🙂 This worked perfectly for me (I’m using a firefox portable)

    4. Rick says:
      January 24, 2017 at 5:09 am

      Many thanks Lucy, your post did help me a lot…

    5. Anonymous says:
      December 21, 2017 at 4:12 am

      Thanks Lucy. Adding hosts (I added IPs in my case) in security.tls.insecure_fallback_hosts finally allowed me to bypass this error. All other suggested fixes did not work.

    6. Rene says:
      June 23, 2018 at 5:18 am

      Good Answer!
      Used it myself.

  26. anxelm says:
    June 24, 2015 at 5:30 am

    the combination of you and lucy solved my problem. many and much thanks to you both. well, lucy, that’s better advice. (p.s. after my successful login, i removed the domain from security.tls.insecure_fallback_hosts and it still worked – i think i have had a ‘bad’ certificate)

    anx

  27. laks says:
    June 26, 2015 at 4:59 am

    Thank you for the steps.

  28. ahmad jahri says:
    July 5, 2015 at 9:35 pm

    thank you

  29. Rain says:
    July 6, 2015 at 1:33 am

    No with Firefox version 39 they have “fixed” this solution. Still not working 🙁

  30. Anonymous says:
    July 17, 2015 at 5:31 am

    Thanks!!! It works!!!

  31. Anonymous says:
    July 17, 2015 at 5:33 am

    Explanation and advice by Lucy (above comment) seems wise. However it needs to be tested!!! The hack mentioned in the post is perfect :)!!!

  32. Anonymous says:
    July 23, 2015 at 6:12 am

    you’re fantastic!
    Thanks a lot!

  33. Rick says:
    August 2, 2015 at 2:36 pm

    The solution posted in this article previously worked for me, but no longer works in version 39.0. I gave up looking for a fix and went with a different browser.

  34. Sidharth says:
    October 9, 2015 at 11:52 pm

    I was unable to open most of the https sites on my computer at college lab. The computer runs Firefox 12.0. This version of Firefox does not have the options “security.tls.version.” and “security.tls.version.min”. Instead it had the option “security.enable_tls”. It was set to ‘false’ by someone. Toggling it to ‘true’ made the https sites load.

    1. JD says:
      August 26, 2016 at 3:38 am

      This worked for me. Thanks a lot.

  35. Mukharjee Pinapaka says:
    December 11, 2015 at 11:15 am

    please add -keyalg RSA while generating key . this will solve the problem

  36. Richard says:
    February 15, 2016 at 12:03 am

    You sir are the greatest person to have ever lived! worked like a charm. 😀

  37. Henk says:
    September 20, 2016 at 3:55 am

    Only security.tls.insecure_fallback_hosts worked for me – thanks Lucy!

  38. Mavil says:
    September 23, 2016 at 7:18 pm

    If it doesn’t work just set this option security.tls.unrestricted_rc4_fallback;true
    and that’s it!

    🙂

    1. Bruce Greyhame says:
      September 29, 2016 at 3:08 am

      You sir are a genius!!! NOTHING worked on here but your suggestion/solution worked!!!

  39. jan says:
    October 10, 2016 at 3:59 am

    For me the following works:
    security.tls.version.fallback-limit;1
    security.tls.version.max;3
    security.tls.version.min;1
    services.sync.prefs.sync.security.tls.version.max;false
    services.sync.prefs.sync.security.tls.version.min;false

  40. Bryan D says:
    October 13, 2016 at 11:59 am

    I completed the following and it worked for me:
    1. security.tls.unrestricted_rc4_fallback – toggled to true
    2. security.tls.version.fallback-limit – set to “0”
    3. security.tls.version.min – set to “0”

    Ryan, thanks for the nudge in the right direction!

    1. suse says:
      November 6, 2016 at 6:47 pm

      This exact setup worked for me as well.

  41. Stefan Freinatis says:
    November 20, 2016 at 4:28 am

    With Firefox 50.0 none of the above-mentioned advice worked for me. I’m still unable to log into my local area network connected SNOM370 IP phone.

    1. Stefan Freinatis says:
      November 20, 2016 at 5:09 am

      Update — the RC4 support has been completely removed in FF50 as stated in https://www.fxsitecompat.dev/en-CA/docs/2016/rc4-support-has-been-completely-removed/. Yep, owing to this paternalism by Mozilla, I cannot HTTPs my phone next to me.

    2. Roger Lee says:
      December 14, 2016 at 4:28 pm

      Yes, it appears that you really need to keep the Firefox 49.0.2 installer on hand now. Turn off all updating, install 49.0.2 and add the domains you want to bypass to about:config entry: security.tls.insecure_fallback_hosts (Thanks, Lucy!)

  42. Donald says:
    December 21, 2016 at 9:28 am

    The solution from Bryan (10/13/2016) did work for me too. I had firefox 51, downgraded to firefox 49 and implemented solution.

    1. Holger says:
      December 27, 2016 at 9:13 am

      Thx for clarification about dropped RC4 support in version 50. I was struggling with problems for weeks.
      I solved it temporarily by using an old IE to access the two sites causing me problems.

  43. Molls says:
    March 1, 2017 at 11:46 am

    Hiya! Sadly when I typed in “security.tls.version.” It did not work 🙁 and I have a report due soon! Any suggestions?

    1. Molls says:
      March 1, 2017 at 11:48 am

      (and yes I typed it without the quotations)

      1. ryan says:
        March 1, 2017 at 11:51 am

        I just checked in the latest version of Firefox and it still pulls up. Did you type “about:config” in the browser URL bar first? Then, in the Search box below that, search for security.tls.version? If so, you should find it.

  44. magic hands says:
    September 21, 2017 at 10:11 am

    I used an old copy of Firefox-Portable I still had from 2013. It is version 21, so it connected with no changes needed.

  45. Mark says:
    October 11, 2017 at 10:42 am

    None of these workarounds — absolutely *NONE* of them — works with FF 56. Looks like I’m stuck forever with “ssl_error_no_cypher_overlap” if I want to keep using FF, particularly whenever I try to log into Amazon.com

    Utterly absurd.

  46. Usman says:
    April 23, 2018 at 5:55 am

    worked…thanks

  47. barebones says:
    October 17, 2018 at 12:12 pm

    Amazing! A straight forward, easy to follow solution that actually works. I just updated to Firefox 62.?, the UN was diddling with the Internet over the weekend, and the Sunnyvale crud were pre-election deleting conservative sites . I still don’t know what caused the problem, but it is now avoided. I’m using Kaspersky so hope it helps with security.

  48. Anonymous says:
    December 30, 2018 at 8:06 am

    ?

  49. Noah says:
    May 6, 2019 at 6:10 am

    This error can also be caused by BT Webprotect blocking a site by mistake, so if you are with BT this is worth checking too.

  50. james says:
    February 17, 2020 at 7:59 am

    Hello, am using firefox 3.6.28, the error still persists despite am using windows cp so I can’t update to the latest version. Any assistance?
