SSL is disabled

From MozillaZine Knowledge Base
Jump to navigationJump to search

SSL (Secure Sockets Layer) is a security protocol that secures communication over the Internet. Most banking sites and online stores require sensitive information be sent over SSL. This article deals with an "SSL protocol has been disabled" error. For information on other messages received when accessing secure sites, see Error loading secure sites.

Error messages

If SSL is disabled, you will see a dialog box or error page, with a message similar to the following:

  • (Firefox 2) Firefox can't connect securely to www.example.com because the SSL protocol has been disabled.
  • (SeaMonkey 1.x) SeaMonkey can't connect securely to www.example.com because the SSL protocol has been disabled.
  • (Firefox 3 and SeaMonkey 2) Secure Connection Failed. An error occurred during a connection to www.example.com.
    Can't connect securely because the SSL protocol has been disabled.

Note: you can't make a permanent exception in Firefox 3.5 or newer if Firefox is in Private Browsing mode.

If you see one of these errors, try the following solutions:

Check SSL settings

Check that SSL is enabled.

  • Firefox 2 and above: "Tools -> Options -> Advanced -> Encryption": "Use SSL 3.0" and "Use TLS 1.0" should both be checked.
    • The UI for selecting the required range of encryption protocols has been removed in Firefox 23.0 and later, thus you'll need to change the security.tls.version.* preferences in about:config.
  • SeaMonkey: "Edit -> Preferences -> Privacy & Security -> SSL": At least "TLS 1.1" and "TLS 1.2" should be checked.

Notes:

  1. SSL 3.0 is considered unsafe and disabled by default starting with Firefox/Thunderbird 34.0 and SeaMonkey 2.31. Enable it only to access legacy websites not working with TLS 1.x, and only as long as needed, keeping in mind that it's vulnerable to attacks.
  2. TLS 1.0 is an upgrade to SSL 3.0 with a new name (TLS 1.0 = SSL 3.1), TLS 1.1 and 1.2 are further updates to TLS 1.0.
  3. In certain circumstances (e.g., government installations), SSL 3.0 has to be kept disabled and user changes disallowed. See Locking preferences how to accomplish that by forcing security.tls.version.min to 1 for the entire installation.

Check proxy settings

If you're using a manual proxy, make sure "Use this proxy for all protocols" and "SSL proxy" in "Tools -> Options -> Advanced -> Network / Connection -> Settings" (Firefox 2 and above) or "Edit -> Preferences -> Advanced -> Proxies" (Mozilla Suite/SeaMonkey) are set to the correct values.

Check firewall

Mozilla applications require a loopback connection to be available for SSL. Check your firewall settings to make sure you have not blocked incoming connections to Mozilla applications. See the Firewalls article for details on firewall configuration.

Check date and time

If you get an error about an expired certificate that should be valid according to the date or a certificate that will be valid in the future then check the date and time on your computer to make sure that both are correct.

Clear cache

You may simply have an out of date version of the page in your cache. Try clearing the cache.

SSL diagnostics

You can try this SSL test. If your browser passes, it's likely a problem with the site you're trying to connect to.

SSL disabled on Windows 9x systems after upgrade

If you're on Windows 98 or ME and SSL no longer works after updating to Firefox 2.0.0.2 or later, Firefox 1.5.0.10 or later 1.5 builds, and Thunderbird 1.5.0.10 and later 1.5 builds, you may be able to fix it by installing IE 6.0 SP1.[1][2]

SSL support

If, rather that downloading the program from Mozilla, you compiled the Mozilla application yourself or received it from an administrator, it's possible SSL support was disabled.

Other solutions

See also