Meanwhile both have a valid cert
Be aware that once you have visited the SSL versions the browser wont allow you to use http anymore because of our enforced HSTS setting.
HSTS? visited the SSL versions?
Well, confused as ever, I just tried to visit this site and got this message:Secure Connection Failed
An error occurred during a connection to bakabt.me.
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher _overlap)
- The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
- Please contact the website owners to inform them of this problem.
Note: I tried main page (bakabt.me) and the browse page.
It was only after re-enabling the "cracked" SSL protos:
security.ssl3.dhe_r sa_aes_128_sha &
A recent update disabled most of the ssl3 protos and left a few, but I think it is only a matter of time before they go.
Note, I've tried TLS w/my imap server & Tbird... Tbird kept hanging. Seems there are problems in the connection setup.
I turned off encryption and just let it use IMAP in cleartext, and now Tbird is all happy.
I had turned off all SSL3's for my browser (recently/currently using PaleMoon v25.0.1) == FF24.9, I think, but is x64 instead of ia32). That didn't last long -- too many sites don't have TLS configured. I went back to the setting from my last security update on this browser, but that cut out baka.
Baka seems to not want to talk if I disable the lower-security (aes_128) proto (doesn't seem to have or try the 256 bit one, but from what I hear... both are no good. Diffie Helman is such that software is upgrading to a 2048-bit key requirement.
Anyway, Don't know the solution, but was passing on the gory problem details...