SSL is disabled: Difference between revisions

From MozillaZine Knowledge Base
No edit summary
(→‎Check SSL settings: updated obsolete description)
 
(47 intermediate revisions by 20 users not shown)
Line 1: Line 1:
SSL (Secure Socket Layers) is a protocol that secures communication over the Internet. Most banking sites and online stores require sensitive information be sent over SSL. If Firefox or Mozilla Suite claims SSL is disabled, try the following things:
SSL (Secure Sockets Layer) is a [http://en.wikipedia.org/wiki/Transport_Layer_Security security protocol] that secures communication over the Internet. Most banking sites and online stores require sensitive information be sent over SSL. This article deals with an  "SSL protocol has been disabled" error.  For information on other messages received when accessing secure sites, see [[Error loading secure sites]].


* Check your SSL settings in "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Security" (Firefox) or "Edit -> Preferences -> Privacy & Security -> SSL" (Mozilla Suite). "Use SSL 2.0", "Use SSL 3.0", and "Use TLS 1.0" should all be checked.
==Error messages==
* Select "Tools -> Options -> Advanced -> Verification -> Do not use OCSP for certificate validation" (Firefox) or "Edit -> Preferences -> Privacy & Security -> Validation -> Do not use OCSP for certificate validation" (Mozilla Suite).
If SSL is disabled,  you will see a dialog box or error page, with a message similar to the following:
* If you're using a manual proxy, make sure "Use this proxy for all protocols" and "SSL proxy" in "Tools -> Options -> General -> Connection Settings" (Firefox) are set to the correct values.
* (Firefox 2) ''Firefox can't connect securely to www.example.com because the SSL protocol has been disabled.''
* If you also received this message "Could not initialize the browser's security component. The most likely cause is problems with files in your browser's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the browser and fix the problem. If you continue to use this browser session, you might see incorrect browser behavior when accessing security features.", then check your hard drive's remaining capacity and the file permissions on the programs in your [[profile folder]].
* (SeaMonkey 1.x)  ''SeaMonkey can't connect securely to www.example.com because the SSL protocol has been disabled.''
* Firefox and Mozilla Suite use a loopback connection which is required for SSL. Check your firewall settings to make sure you have not blocked incoming connections to Firefox or Mozilla Suite.
:[[Image:Secure_site_error.png]]
* Clear the cache: "Tools -> Options -> Privacy -> Cache -> Clear Cache Now" (Firefox) or "Edit -> Preferences -> Advanced -> Cache -> Clear Cache" (Mozilla Suite).
 
* Try creating a new profile (follow this [http://www.mozilla.org/support/firefox/profile#new guide] if you don't know how to).  The reason is that your current profile might be corrupted due to many reasons, such as changes in the systems or lack of HD space.
* (Firefox 3 and SeaMonkey 2) ''Secure Connection Failed. An error occurred during a connection to www.example.com. <br> Can't connect securely because the SSL protocol has been disabled.''
* Try [http://weblogin.bu.edu/troubleshooting?cmd=ssl this SSL test]. If your browser passes, it's likely a problem with the site you're trying to connect to.
:[[Image:SSLdisabled.png]]
* Try the [[standard diagnostic]].
 
'''Note''': you can't make a permanent exception in Firefox 3.5 or newer if Firefox is in Private Browsing mode.
 
If you see one of these errors, try the following solutions:
==Check SSL settings==
Check that SSL is enabled.
* Firefox 2 and above: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Encryption""Use SSL 3.0" and "Use TLS 1.0" should both be checked.
**The UI for selecting the required range of encryption protocols has been removed in Firefox 23.0 and later, thus you'll need to change the [[security.tls.version.*]] preferences in [[About:config#Opening_about:config|about:config]].
* SeaMonkey:  "[[Menu differences in Windows, Linux, and Mac|Edit -> Preferences]] -> Privacy & Security -> SSL": At least "TLS 1.1" and "TLS 1.2" should be checked.
'''Notes:'''
# '''SSL 3.0 is considered unsafe''' and disabled by default starting with Firefox/Thunderbird 34.0 and SeaMonkey 2.31. Enable it ''only'' to access legacy websites not working with TLS 1.x, and only as long as needed, keeping in mind that it's vulnerable to attacks.
# TLS 1.0 is an upgrade to SSL 3.0 with a new name (TLS 1.0 = SSL 3.1), TLS 1.1 and 1.2 are further updates to TLS 1.0.
# In certain circumstances (e.g., government installations), SSL 3.0 ''has'' to be kept disabled and user changes disallowed. See [[Locking preferences]] how to accomplish that by forcing [[security.tls.version.min]] to 1 for the entire installation.
 
==Check proxy settings==
If you're using a manual proxy, make sure "Use this proxy for all protocols" and "SSL proxy" in "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Network / Connection -> Settings" (Firefox 2 and above) or "[[Menu differences in Windows, Linux, and Mac|Edit -> Preferences]] -> Advanced -> Proxies" (Mozilla Suite/SeaMonkey) are set to the correct values.
 
==Check firewall==
Mozilla applications require a loopback connection to be available for SSL. Check your firewall settings to make sure you have not blocked incoming connections to Mozilla applications. See the [[Firewalls]] article for details on firewall configuration.
 
==Check date and time==
If you get an error about an expired certificate that should be valid according to the date or a certificate that will be valid in the future then check the date and time on your computer to make sure that both are correct.
 
==Clear cache==
You may simply have an out of date version of the page in your cache. Try [[clearing the cache]].
 
==SSL diagnostics==
You can try [http://weblogin.bu.edu/troubleshooting?cmd=ssl this SSL test]. If your browser passes, it's likely a problem with the site you're trying to connect to.
 
==SSL disabled on Windows 9x systems after upgrade==
If you're on Windows 98 or ME and  SSL no longer works after updating to Firefox 2.0.0.2 or later, Firefox 1.5.0.10 or later 1.5 builds, and Thunderbird 1.5.0.10 and later 1.5 builds, you may be able to fix it by [http://www.microsoft.com/downloads/details.aspx?FamilyID=1e1550cb-5e5d-48f5-b02b-20b602228de6&DisplayLang=en installing IE 6.0 SP1].[http://forums.mozillazine.org/viewtopic.php?t=524829][https://bugzilla.mozilla.org/show_bug.cgi?id=372478]
 
==SSL support==
If, rather that downloading the program from Mozilla, you compiled the Mozilla application yourself or received it from an administrator, it's possible SSL support was disabled.
 
==Other solutions==
*A corrupt "cert8.db" file in the  [[profile folder]]  can sometimes cause this error.    [[Kill application|Completely close your Mozilla application]] and then delete or rename this file  (more information [[Could_not_initialize_the_browser_security_component#Corrupted_file|here]]). 
*Try the [[standard diagnostic]].
 
==See also==
*[[Cannot connect securely because the site uses an older insecure version of the SSL protocol]]
*[[Could not initialize the browser security component]]
*[[OCSP error when accessing secure sites]]
*[[SSL Security Error]]


[[Category:Issues (Firefox)]]
[[Category:Issues (Firefox)]]
[[Category:Issues (Mozilla Suite)]]
[[Category:Issues (Thunderbird)]]
[[Category:Privacy and security]]
[[Category:Websites]]
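
Review bot: In the revised "Check SSL settings" section, the Firefox bullet still says "Use SSL 3.0" and "Use TLS 1.0" should both be checked, while note 1 in the same section says SSL 3.0 is considered unsafe and is disabled by default starting with Firefox/Thunderbird 34.0. Suggest dropping SSL 3.0 from that bullet or pointing it at note 1 so the two do not contradict each other. The same bullet is missing a colon between `Encryption"` and `"Use SSL 3.0"`, note 3 reads better as "See [[Locking preferences]] for how to accomplish that", and "rather that downloading" in the "SSL support" section should be "rather than downloading".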

Latest revision as of 04:11, 3 November 2014

SSL (Secure Sockets Layer) is a security protocol that secures communication over the Internet. Most banking sites and online stores require sensitive information be sent over SSL. This article deals with an "SSL protocol has been disabled" error. For information on other messages received when accessing secure sites, see Error loading secure sites.

Error messages

If SSL is disabled, you will see a dialog box or error page, with a message similar to the following:

  • (Firefox 2) Firefox can't connect securely to www.example.com because the SSL protocol has been disabled.
  • (SeaMonkey 1.x) SeaMonkey can't connect securely to www.example.com because the SSL protocol has been disabled.
  • (Firefox 3 and SeaMonkey 2) Secure Connection Failed. An error occurred during a connection to www.example.com.
    Can't connect securely because the SSL protocol has been disabled.

Note: you can't make a permanent exception in Firefox 3.5 or newer if Firefox is in Private Browsing mode.

If you see one of these errors, try the following solutions:

Check SSL settings

Check that SSL is enabled.

  • Firefox 2 and above: "Tools -> Options -> Advanced -> Encryption": "Use SSL 3.0" and "Use TLS 1.0" should both be checked.
    • The UI for selecting the required range of encryption protocols has been removed in Firefox 23.0 and later, thus you'll need to change the security.tls.version.* preferences in about:config.
  • SeaMonkey: "Edit -> Preferences -> Privacy & Security -> SSL": At least "TLS 1.1" and "TLS 1.2" should be checked.

Notes:

  1. SSL 3.0 is considered unsafe and disabled by default starting with Firefox/Thunderbird 34.0 and SeaMonkey 2.31. Enable it only to access legacy websites not working with TLS 1.x, and only as long as needed, keeping in mind that it's vulnerable to attacks.
  2. TLS 1.0 is an upgrade to SSL 3.0 with a new name (TLS 1.0 = SSL 3.1); TLS 1.1 and 1.2 are further updates to TLS 1.0.
  3. In certain circumstances (e.g., government installations), SSL 3.0 has to be kept disabled and user changes disallowed. See Locking preferences for how to accomplish that by forcing security.tls.version.min to 1 for the entire installation.
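
The security.tls.version.* preferences mentioned above are stored as user_pref lines in the profile's prefs.js or user.js. The following audit script is an added example, not part of the original article or of Mozilla's code; the function names and the sample profile text are constructed for illustration, and the value mapping (0 = SSL 3.0, 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2) is the one Firefox uses for these preferences.

```python
import re

# Values accepted by security.tls.version.min / .max.
# 4 (TLS 1.3) was added in releases newer than the ones this article covers.
TLS_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}

# prefs.js / user.js lines look like: user_pref("name", value);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(security\.tls\.version\.(?:min|max))"\s*,\s*(-?\d+)\s*\)\s*;'
)

def read_tls_prefs(text):
    """Return {pref_name: int} for the TLS version prefs set in the profile."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = int(m.group(2))  # a later line overrides an earlier one
    return prefs

def audit(text):
    """Return a list of findings for the body of one prefs.js or user.js file."""
    prefs = read_tls_prefs(text)
    lo = prefs.get("security.tls.version.min")
    hi = prefs.get("security.tls.version.max")
    findings = []
    if lo is None:
        findings.append("min not set in profile: application default applies")
    elif lo == 0:
        findings.append("min=0: SSL 3.0 is enabled; set min to 1 or higher")
    elif lo not in TLS_VERSIONS:
        findings.append(f"min={lo}: value outside the known range")
    if lo is not None and hi is not None and hi < lo:
        findings.append(f"max={hi} is below min={lo}: inconsistent range")
    return findings

# Constructed sample profile content (not taken from a real installation).
SAMPLE = '''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.tls.version.min", 0);
user_pref("security.tls.version.max", 3);
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result for a profile means the preferences are set and SSL 3.0 is not allowed; preferences locked for the whole installation do not appear in prefs.js and are not seen by this check.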

Check proxy settings

If you're using a manual proxy, make sure "Use this proxy for all protocols" and "SSL proxy" in "Tools -> Options -> Advanced -> Network / Connection -> Settings" (Firefox 2 and above) or "Edit -> Preferences -> Advanced -> Proxies" (Mozilla Suite/SeaMonkey) are set to the correct values.

Check firewall

Mozilla applications require a loopback connection to be available for SSL. Check your firewall settings to make sure you have not blocked incoming connections to Mozilla applications. See the Firewalls article for details on firewall configuration.

Check date and time

If you get an error about an expired certificate that should be valid according to the date, or about a certificate that will be valid in the future, check the date and time on your computer to make sure that both are correct.

Clear cache

You may simply have an out-of-date version of the page in your cache. Try clearing the cache.

SSL diagnostics

You can try this SSL test. If your browser passes, it's likely a problem with the site you're trying to connect to.

SSL disabled on Windows 9x systems after upgrade

If you're on Windows 98 or ME and SSL no longer works after updating to Firefox 2.0.0.2 or later, Firefox 1.5.0.10 or later 1.5 builds, or Thunderbird 1.5.0.10 or later 1.5 builds, you may be able to fix it by installing IE 6.0 SP1.[1][2]

SSL support

If, rather than downloading the program from Mozilla, you compiled the Mozilla application yourself or received it from an administrator, it's possible SSL support was disabled.

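Other solutions

  • A corrupt "cert8.db" file in the profile folder can sometimes cause this error. Completely close your Mozilla application and then delete or rename this file (more information here).
  • Try the standard diagnostic.

See also

  • Cannot connect securely because the site uses an older insecure version of the SSL protocol
  • Could not initialize the browser security component
  • OCSP error when accessing secure sites
  • SSL Security Error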