cancel
Showing results for 
Search instead for 
Did you mean: 

Cant connect to webmail using latest firefox

redtux
Dabbler
Posts: 11
Thanks: 7
Registered: ‎25-01-2019

Cant connect to webmail using latest firefox

Hi

Just upgraded to fedora 33 with firefox 82.

Now when I try to access webmail I get

Secure Connection Failed

An error occurred during a connection to webmail.plus.net. Cannot communicate securely with peer: no common encryption algorithm(s).

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the web site owners to inform them of this problem.

 

Any ideas?

7 REPLIES 7
jab1
Seasoned Hero
Posts: 7,607
Thanks: 2,586
Fixes: 79
Registered: ‎24-02-2012

Re: Cant connect to webmail using latest firefox

Must be something specific to you (or Fedora) - I've just tried on my W7 machine with the same FF build, and connected with no problem.

I'll try my Zorin machine a bit later. Do you have an alternative browser installed?

John
Mook
Champion
Posts: 889
Thanks: 665
Fixes: 2
Registered: ‎27-12-2019

Re: Cant connect to webmail using latest firefox

It works for me @redtux using Safari 14.0 so it does appear to be specific to yourself. Have a look here:

https://www.lifewire.com/how-to-fix-firefox-ssl-error-no-cypher-overlap-error-4780520

 

jab1
Seasoned Hero
Posts: 7,607
Thanks: 2,586
Fixes: 79
Registered: ‎24-02-2012

Re: Cant connect to webmail using latest firefox

Just to confirm, no problems using FF82 on my Zorin box, either.

John
uglybug
Dabbler
Posts: 24
Thanks: 1
Registered: ‎17-04-2014

Re: Cant connect to webmail using latest firefox

@redtux Fedoraproject made some changes to system-wide crypto policies in F33

https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2

 

Running

update-crypto-policies --set LEGACY

as root and restarting FF is a workaround for now at least.

https://bugzilla.redhat.com/show_bug.cgi?id=1893581

alexatkin
Dabbler
Posts: 19
Thanks: 7
Registered: ‎01-03-2019

Re: Cant connect to webmail using latest firefox

I've been having this issue too, also on Fedora.

Surely the Fedora setting are irrelevant as Firefox uses its own settings?  Although that page does imply Firefox are adopting the same strict policy, but then why does it work on Windows?

 

Something doesn't add up here.

 

Also worth noting, Chrome on Fedora works fine and in fact this very page is working fine too in FF (I notice its a different certificate for this domain and possibly a different host?).  So its something specific about the certificate for the plus.net domains and/or server that is tripping it up, rightly or wrongly.

HeadFullOfWool1
Dabbler
Posts: 15
Thanks: 2
Registered: ‎13-01-2018

Re: Cant connect to webmail using latest firefox

I was having the same issue in FF (now at 87), also on Fedora 33, with www.plus.net main site (but not this community.plus.net site).

Thanks for the link to the fedoraproject.org page about those crypto policy changes.  I used the rollback for Fedora 32 settings, rather than Legacy (as they mention try it incrementally). 

update-crypto-policies --set DEFAULT:FEDORA32

After a system reboot (just restarting Firefox wasn't enough), that fixed it for me.

HeadFullOfWool1
Dabbler
Posts: 15
Thanks: 2
Registered: ‎13-01-2018

Re: Cant connect to webmail using latest firefox

I agree - saw same behaviour, with FF 87 failing on main www.plus.net, but OK here on community.plus.net and Chrome OK for everything.

Tried calling Support initially, in vain hope of a server-side fix... very vain hope, they had no idea - only suggestion being "Chrome is more secure than Firefox..." 🙄

As soon I mentioned the SSL or TLS issue being server-side they were just "Uhh...".  At which point I came here (after having to reset my forum account password for the third time, as I don't use it much - which requires disabling the Plusnet email SPAM protection first, or you will never get the reset message link).

The main site uses a GoDaddy-issued certificate, and either their certificate or the server config is only enabling TLS 1.2, whereas this community site uses a DigiCert issed certificate and uses TLS 1.3.

We can only hope that once the GoDaddy certificate expires, that the renewal uses a DigiCert CA instead - or they correct the server config for enabling TLS 1.3.