SSL is disabled: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
No edit summary
(→‎Check SSL settings: updated obsolete description)
 
(22 intermediate revisions by 6 users not shown)
Line 1: Line 1:
SSL (Secure Socket Layers) is a protocol that secures communication over the Internet. Most banking sites and online stores require sensitive information be sent over SSL. If Firefox, Mozilla Suite, or Thunderbird claims SSL is disabled, try the following things:
SSL (Secure Sockets Layer) is a [http://en.wikipedia.org/wiki/Transport_Layer_Security security protocol] that secures communication over the Internet. Most banking sites and online stores require sensitive information be sent over SSL. This article deals with an  "SSL protocol has been disabled" error.  For information on other messages received when accessing secure sites, see [[Error loading secure sites]].


* Check your SSL settings  in "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Encryption" (Firefox 2) "Tools -> Options -> Advanced -> Security" (Firefox 1.5 or earlier) or  "Edit -> Preferences -> Privacy & Security -> SSL" (Mozilla Suite).  "Use SSL 3.0" and "Use TLS 1.0" should both be checked.
==Error messages==
* Make sure that "Do not use OCSP for certificate validation" is selected under "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Encryption -> Verification" (Firefox 2) "Tools -> Options -> Advanced -> Security -> Verification" (Firefox 1.5 or earlier) or  "Edit -> Preferences -> Privacy & Security ->  Validation" (Mozilla Suite).
If SSL is disabledyou will see a dialog box or error page, with a message similar to the following:
* If you're using a manual proxy, make sure "Use this proxy for all protocols" and "SSL proxy" in "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Network / Connection -> Settings" (Firefox 2) or "Tools -> Options -> General -> Connection Settings" (Firefox 1.5 or earlier) are set to the correct values.
* (Firefox 2) ''Firefox can't connect securely to www.example.com because the SSL protocol has been disabled.''
* If you received the message "Could not initialize the browser's security component. The most likely cause is problems with files in your browser's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the browser and fix the problem. If you continue to use this browser session, you might see incorrect browser behavior when accessing security features."...
* (SeaMonkey 1.x) ''SeaMonkey can't connect securely to www.example.com because the SSL protocol has been disabled.''
** Check your hard drive's remaining capacity and the file permissions on the files in your [[profile folder]].
:[[Image:Secure_site_error.png]]
** Delete the ''cert8.db'' file in your [[profile folder]] and try again. [http://www.uni.edu/turnert/2005/02/thunderbird-error-could-not-initialize.html]
** Try [[profile manager | creating a new profile]]. Your current profile might be corrupted due to many reasons, such as changes in your system or lack of HD space at one point.
* Firefox and Mozilla Suite use a loopback connection which is required for SSL. Check your firewall settings to make sure you have not blocked incoming connections to Firefox or Mozilla Suite.
* Clear the cache: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Network / Cache -> Clear Now" (Firefox 2) "Tools -> Options -> Privacy -> Cache -> Clear" (Firefox 1.5 or earlier) or "Edit -> Preferences -> Advanced -> Cache -> Clear Cache" (Mozilla Suite).
* Try [http://weblogin.bu.edu/troubleshooting?cmd=ssl this SSL test]. If your browser passes, it's likely a problem with the site you're trying to connect to.
* Try the [[standard diagnostic]].
* Make sure you are using a version of Firefox/Thunderbird/Seamonkey that was compiled with SSL support.  Official releases downloaded from the Mozilla website will have SSL enabled but if you or your administrator have custom compiled the software, SSL support may have been disabled. You will need to recompile or use a version that has been compiled with SSL.


==If the site uses an older, insecure SSL version==
* (Firefox 3 and SeaMonkey 2) ''Secure Connection Failed. An error occurred during a connection to www.example.com. <br> Can't connect securely because the SSL protocol has been disabled.''
Starting in Firefox 2, support for SSL version 2.0 is disabled by default and is no longer available in the Firefox Options window.   You can enable SSL 2.0, if necessary,  in Firefox 2 or later by setting the preference '''security.enable_ssl2''' to "true" in [[about:config]].
:[[Image:SSLdisabled.png]]


'''Note''': you can't make a permanent exception in Firefox 3.5 or newer if Firefox is in Private Browsing mode.
If you see one of these errors, try the following solutions:
==Check SSL settings==
Check that SSL is enabled.
* Firefox 2 and above: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Encryption":  "Use SSL 3.0" and "Use TLS 1.0" should both be checked.
**The UI for selecting the required range of encryption protocols has been removed in Firefox 23.0 and later, thus you'll need to change the [[security.tls.version.*]] preferences in [[About:config#Opening_about:config|about:config]].
* SeaMonkey:  "[[Menu differences in Windows, Linux, and Mac|Edit -> Preferences]] -> Privacy & Security -> SSL": At least "TLS 1.1" and "TLS 1.2" should be checked.
'''Notes:'''
# '''SSL 3.0 is considered unsafe''' and disabled by default starting with Firefox/Thunderbird 34.0 and SeaMonkey 2.31. Enable it ''only'' to access legacy websites not working with TLS 1.x, and only as long as needed, keeping in mind that it's vulnerable to attacks.
# TLS 1.0 is an upgrade to SSL 3.0 with a new name (TLS 1.0 = SSL 3.1), TLS 1.1 and 1.2 are further updates to TLS 1.0.
# In certain circumstances (e.g., government installations), SSL 3.0 ''has'' to be kept disabled and user changes disallowed. See [[Locking preferences]] how to accomplish that by forcing [[security.tls.version.min]] to 1 for the entire installation.
==Check proxy settings==
If you're using a manual proxy, make sure "Use this proxy for all protocols" and "SSL proxy" in "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Network / Connection -> Settings" (Firefox 2 and above) or "[[Menu differences in Windows, Linux, and Mac|Edit -> Preferences]] -> Advanced -> Proxies" (Mozilla Suite/SeaMonkey) are set to the correct values.
==Check firewall==
Mozilla applications require a loopback connection to be available for SSL. Check your firewall settings to make sure you have not blocked incoming connections to Mozilla applications. See the [[Firewalls]] article for details on firewall configuration.
==Check date and time==
If you get an error about an expired certificate that should be valid according to the date or a certificate that will be valid in the future then check the date and time on your computer to make sure that both are correct.
==Clear cache==
You may simply have an out of date version of the page in your cache. Try [[clearing the cache]].
==SSL diagnostics==
You can try [http://weblogin.bu.edu/troubleshooting?cmd=ssl this SSL test]. If your browser passes, it's likely a problem with the site you're trying to connect to.
==SSL disabled on Windows 9x systems after upgrade==
If you're on Windows 98 or ME and  SSL no longer works after updating to Firefox 2.0.0.2 or later, Firefox 1.5.0.10 or later 1.5 builds, and Thunderbird 1.5.0.10 and later 1.5 builds, you may be able to fix it by [http://www.microsoft.com/downloads/details.aspx?FamilyID=1e1550cb-5e5d-48f5-b02b-20b602228de6&DisplayLang=en installing IE 6.0 SP1].[http://forums.mozillazine.org/viewtopic.php?t=524829][https://bugzilla.mozilla.org/show_bug.cgi?id=372478]
==SSL support==
If, rather that downloading the program from Mozilla, you compiled the Mozilla application yourself or received it from an administrator, it's possible SSL support was disabled.
==Other solutions==
*A corrupt "cert8.db" file in the  [[profile folder]]  can sometimes cause this error.    [[Kill application|Completely close your Mozilla application]] and then delete or rename this file  (more information [[Could_not_initialize_the_browser_security_component#Corrupted_file|here]]). 
*Try the [[standard diagnostic]].
==See also==
*[[Cannot connect securely because the site uses an older insecure version of the SSL protocol]]
*[[Could not initialize the browser security component]]
*[[OCSP error when accessing secure sites]]
*[[SSL Security Error]]


[[Category:Issues (Firefox)]]
[[Category:Issues (Firefox)]]

Latest revision as of 04:11, 3 November 2014

SSL (Secure Sockets Layer) is a security protocol that secures communication over the Internet. Most banking sites and online stores require sensitive information be sent over SSL. This article deals with an "SSL protocol has been disabled" error. For information on other messages received when accessing secure sites, see Error loading secure sites.

Error messages

If SSL is disabled, you will see a dialog box or error page, with a message similar to the following:

  • (Firefox 2) Firefox can't connect securely to www.example.com because the SSL protocol has been disabled.
  • (SeaMonkey 1.x) SeaMonkey can't connect securely to www.example.com because the SSL protocol has been disabled.
  • (Firefox 3 and SeaMonkey 2) Secure Connection Failed. An error occurred during a connection to www.example.com.
    Can't connect securely because the SSL protocol has been disabled.

Note: you can't make a permanent exception in Firefox 3.5 or newer if Firefox is in Private Browsing mode.

If you see one of these errors, try the following solutions:

Check SSL settings

Check that SSL is enabled.

  • Firefox 2 and above: "Tools -> Options -> Advanced -> Encryption": "Use SSL 3.0" and "Use TLS 1.0" should both be checked.
    • The UI for selecting the required range of encryption protocols has been removed in Firefox 23.0 and later, thus you'll need to change the security.tls.version.* preferences in about:config.
  • SeaMonkey: "Edit -> Preferences -> Privacy & Security -> SSL": At least "TLS 1.1" and "TLS 1.2" should be checked.

Notes:

  1. SSL 3.0 is considered unsafe and disabled by default starting with Firefox/Thunderbird 34.0 and SeaMonkey 2.31. Enable it only to access legacy websites not working with TLS 1.x, and only as long as needed, keeping in mind that it's vulnerable to attacks.
  2. TLS 1.0 is an upgrade to SSL 3.0 with a new name (TLS 1.0 = SSL 3.1), TLS 1.1 and 1.2 are further updates to TLS 1.0.
  3. In certain circumstances (e.g., government installations), SSL 3.0 has to be kept disabled and user changes disallowed. See Locking preferences how to accomplish that by forcing security.tls.version.min to 1 for the entire installation.

Check proxy settings

If you're using a manual proxy, make sure "Use this proxy for all protocols" and "SSL proxy" in "Tools -> Options -> Advanced -> Network / Connection -> Settings" (Firefox 2 and above) or "Edit -> Preferences -> Advanced -> Proxies" (Mozilla Suite/SeaMonkey) are set to the correct values.

Check firewall

Mozilla applications require a loopback connection to be available for SSL. Check your firewall settings to make sure you have not blocked incoming connections to Mozilla applications. See the Firewalls article for details on firewall configuration.

Check date and time

If you get an error about an expired certificate that should be valid according to the date or a certificate that will be valid in the future then check the date and time on your computer to make sure that both are correct.

Clear cache

You may simply have an out of date version of the page in your cache. Try clearing the cache.

SSL diagnostics

You can try this SSL test. If your browser passes, it's likely a problem with the site you're trying to connect to.

SSL disabled on Windows 9x systems after upgrade

If you're on Windows 98 or ME and SSL no longer works after updating to Firefox 2.0.0.2 or later, Firefox 1.5.0.10 or later 1.5 builds, and Thunderbird 1.5.0.10 and later 1.5 builds, you may be able to fix it by installing IE 6.0 SP1.[1][2]

SSL support

If, rather that downloading the program from Mozilla, you compiled the Mozilla application yourself or received it from an administrator, it's possible SSL support was disabled.

Other solutions

See also