SSL cypher issue - cannot access with Firefox on EL6

  • Hi

    Our developers have started reporting problems accessing using Firefox 60 ESR on EL 6.10:

    An error occurred during a connection to Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

    It looks like the site only supports two cyphers, neither of which are supported by the latest NSS on EL 6.10:

    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)

    Is this intentional because it excludes anyone using Red Hat 6 / CentOS 6 / Scientific Linux 6?


  • Qt provides local documentation which can be used from Qt Creator or Assistant, it requires no Internet access at all

  • Thanks for the reply. For sure I'll suggest that. I'm just hoping to alert someone of the possible misconfiguration of the subdomain as enforcing SSL with only TLS 1.2 and 2 ciphers will probably prevent access from more platforms than just this case.

  • It's been resolved with 2 extra cipher suites added :-)

    | ssl-enum-ciphers:
    | TLSv1.2:
    | ciphers:
    | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
    | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
    | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A

Log in to reply