Unconfigured Ad Widget

Collapse

https:www.calguns.net Secure Connection Failed

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1
    the86d
    Calguns Addict
    • Jul 2011
    • 9587

    https:www.calguns.net Secure Connection Failed

    Firefox x64 nightly (my main browser for everything) returns this error.
    -------------------------------
    Secure Connection Failed

    An error occurred during a connection to www.calguns.net. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
    -------------------------------
    It looks like someone using Pale Moon (Another x64 build of Firefox?) is having this issue too, but it states that it might be a site issue.
    Last edited by the86d; 03-15-2015, 9:07 AM.
    Tags: None
    • #2
      the86d
      Calguns Addict
      • Jul 2011
      • 9587
      Didn't work in Firefox Nightly x64, so I am trying this Pale Moon x64.

      Although the fix states: "Please try to work out the issue with the operator of the server you are connecting to", workaround seems to get me here (pseudo-securely?), under point 2 RC4, option 2 via about:config.
      Secure connection errors? **READ THIS FIRST!** - Pale Moon forum
      https://forum.palemoon.org/viewtopic.php?f=24&t=6262


      Anyone know what I am opening myself up for if I leave these settings in my default browser set to true, just to secure my connection to calguns?:
      security.ssl3.rsa_rc4_128_sha
      security.ssl3.rsa_rc4_128_md5
      Last edited by the86d; 03-15-2015, 9:06 AM.

        Comment

        • #3
          skunkbad
          Member
          • Nov 2012
          • 147
          Search for TLS in about:config. What is your max TLS version at? If it's at 1, change it to 2 (or 3). Many webservers would have just been upgraded due to SSL vulnerabilities. The upgrade would drop requests where the TLS version used is an outdated version, like SSLv3. Changing the max TLS version to 2 would instruct the browser to use the upgraded TLS version. You may have to restart application / OS to see an effect.
          Last edited by skunkbad; 03-15-2015, 9:22 AM. Reason: added more info.

            Comment

            • #4
              sixoclockhold
              Banned
              • Jul 2012
              • 4040
              The NSA is tracking you.

              What did you do?

                Comment

                • #5
                  msternin
                  CGN/CGSSA Contributor
                  CGN Contributor
                  • Jan 2015
                  • 881
                  Certs and chain look good and valid to me.

                  Probably just an issue with the nightly build.

                  Code:
                  C:\Users\marc>openssl s_client -connect www.calguns.net:443 -showcerts
Loading 'screen' into random state - done
CONNECTED(000001D4)
depth=1 C = US, O = Network Solutions L.L.C., CN = Network Solutions DV Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=nsProtect Secure Xpress/CN=www.calguns.net
   i:/C=US/O=Network Solutions L.L.C./CN=Network Solutions DV Server CA
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIRALH494zQMKd6EzBEultoFwEwDQYJKoZIhvcNAQEFBQAw
WTELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D
LjEnMCUGA1UEAxMeTmV0d29yayBTb2x1dGlvbnMgRFYgU2VydmVyIENBMB4XDTEx
MDkyMjAwMDAwMFoXDTE1MDkyMjIzNTk1OVowXzEhMB8GA1UECxMYRG9tYWluIENv
bnRyb2wgVmFsaWRhdGVkMSAwHgYDVQQLExduc1Byb3RlY3QgU2VjdXJlIFhwcmVz
czEYMBYGA1UEAxMPd3d3LmNhbGd1bnMubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwYw6ib+vc8Up3uYwSnuAiPaN36biNgPW8SbvYSYzHPPaI9TZ
5w8cmp+N2fRx+gbZD/2OaTHGCe/Vgrcl+3PknM2UlP8oT2z/2UWs2eZL7JSnWIXR
5nU+H3/LEavYIk2TYtql+pzvmu9vNiVrVnQZyDyj9LUBrnCEKSvqqLnyUHFBXV2m
c6PxiRWG9g+L41Bcj7gLjSGhXugKzFls5V63KLouh1TW0FJZRSFlojX2jcDDvSLP
Cf3isqKY0vJS3WKn2/oi30hHMdh1j7QSlsP28oBKJ0O0aJxsjY6pASoafVZXSNbd
D7ODBIBVj/x5HlSmaBFjAJ+tXrfC4tPpBMe6eQIDAQABo4IB0DCCAcwwHwYDVR0j
BBgwFoAUWNglkqRVWm7Zo9GjfAyqBCFxLmAwHQYDVR0OBBYEFJp1c9QaMjOX+FK2
KDKtqurcAxy7MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHSAEZDBiMGAGDCsGAQQBhg4BAgEJ
ATBQME4GCCsGAQUFBwIBFkJodHRwOi8vd3d3Lm5ldHdvcmtzb2x1dGlvbnMuY29t
L2xlZ2FsL1NTTC1sZWdhbC1yZXBvc2l0b3J5LWNwcy5qc3AwSAYDVR0fBEEwPzA9
oDugOYY3aHR0cDovL2NybC5uZXRzb2xzc2wuY29tL05ldHdvcmtTb2x1dGlvbnNE
VlNlcnZlckNBLmNybDB6BggrBgEFBQcBAQRuMGwwQwYIKwYBBQUHMAKGN2h0dHA6
Ly93d3cubmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zRFZTZXJ2ZXJDQS5j
cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLm5ldHNvbHNzbC5jb20wGgYDVR0R
BBMwEYIPd3d3LmNhbGd1bnMubmV0MA0GCSqGSIb3DQEBBQUAA4IBAQA5pgRjWZns
TkeDqSJxHpt+6ihbWwxYQWZEpGFkjEHLE8V4va8zKRtOD3vPxNL1jOXYAfVEHidl
axkIc0RPI0e+46/AzurXcD++QiqqpGi+RSPT94H0i5hjhe6NCT6NBO66wGFv/drF
G7Vv56TWJ00Y41UajXoXmD0ijWC3IPPHkWWb44blgr70gs1moNMm+sxNX7VvMli9
9H0xaV8Ukrh35IXeX9X+zZAjru2cT07naIzNoW109RSVEDJ3wn4IDeSR787cGJlo
cssXAqQ0HMkZ3fpLOEZjfDPr9BQ3oM7iNgxzav6t3zD2yEQtG6oaw8aAx3km0h8Y
01eS43FETaae
-----END CERTIFICATE-----
 1 s:/C=US/O=Network Solutions L.L.C./CN=Network Solutions DV Server CA
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIQSPxLCjcG/0b+095dTB7KYjANBgkqhkiG9w0BAQUFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTEwMTEyNjAwMDAwMFoXDTIwMDUzMDEwNDgzOFow
WTELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D
LjEnMCUGA1UEAxMeTmV0d29yayBTb2x1dGlvbnMgRFYgU2VydmVyIENBMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1dmNdyQTnh0ZajarOjpYmVGymTw
0MOnQluM4Y4ABStT5BuEIrTfV7BAjxeSfjGXHvWt8ICZ25cwlTUNZEHfxLOCec28
luL9ACnFPr58CGy+/pCxFTkhhjRAvZyd+mrlKmhFDmjg6LAIZYQ2MZxG4U7LP1iD
82yONBmCUyYsjauSIl8FoT2brme0VsD5l3jAtZgVDK0Drf94jy8mfDrclACHw37C
tqiMCx0dD4y10PuTOjj2CP47jWZrRcZfsnvwFPmBdd4LS4PL7ne7nH6bnSfYkAad
z0s8K/q/AQrFbRxaYGiS+Q5D+/KIeJblU0tR9rHnbffG/0/XA3tz8mAKIQIDAQAB
o4IBfzCCAXswHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0O
BBYEFFjYJZKkVVpu2aPRo3wMqgQhcS5gMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
Af8ECDAGAQH/AgEAMBkGA1UdIAQSMBAwDgYMKwYBBAGGDgECAQkBMEQGA1UdHwQ9
MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
bmFsQ0FSb290LmNybDCBswYIKwYBBQUHAQEEgaYwgaMwPwYIKwYBBQUHMAKGM2h0
dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LnA3
YzA5BggrBgEFBQcwAoYtaHR0cDovL2NydC51c2VydHJ1c3QuY29tL0FkZFRydXN0
VVROU0dDQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3Qu
Y29tMA0GCSqGSIb3DQEBBQUAA4IBAQAnlJ9+f/xzSPI4H7AFv3HcO6l+wxCGJS0U
7kSdSo3yszrFZvoCv9XwABZ3yXTXiMCxGHrzThMxcG9GcEHhGkI+ql9GGC2FDDu7
/s8C1s+u2xqTUnRsnvqy7q8vfQdCF30x5Wo2KCv91HLx/rnF9/ByYeCdvMrrRQu4
aAkBG01zf9/mk7od/Gsos2Qwu9A6qjVrC4NhaNcyWkneGtH8bYug3Pp6pJJ/dOIN
kqCeuEYcYmOwuAjE/bC0nyQJsy2cdRR3Sm7EY8FNE4bOmHIdPbnGTnMw5MZzotH3
kOSQzOE6N9ZTAl9FLS+mT0lB6t+PL5ccdtt4QGPL5NXXUzgOERA4
-----END CERTIFICATE-----
---
Server certificate
subject=/OU=Domain Control Validated/OU=nsProtect Secure Xpress/CN=www.calguns.net
issuer=/C=US/O=Network Solutions L.L.C./CN=Network Solutions DV Server CA
---
No client certificate CA names sent
---
SSL handshake has read 2704 bytes and written 635 bytes

                    Comment

                    • #6
                      msternin
                      CGN/CGSSA Contributor
                      CGN Contributor
                      • Jan 2015
                      • 881
                      Ah yes...The qualsys results go much deeper then simple openssl cmds. Doesn't seem like to big of an issue though. Since GCN doesn't enforce, by redirection, secure connection nor has any e-commerce-like transactions shouldn't have much of an impact on people blasting each other in various threads. ;-)

                        Comment

                        • #7
                          the86d
                          Calguns Addict
                          • Jul 2011
                          • 9587
                          Originally posted by skunkbad
                          Search for TLS in about:config. What is your max TLS version at? If it's at 1, change it to 2 (or 3). Many webservers would have just been upgraded due to SSL vulnerabilities. The upgrade would drop requests where the TLS version used is an outdated version, like SSLv3. Changing the max TLS version to 2 would instruct the browser to use the upgraded TLS version. You may have to restart application / OS to see an effect.


                          I have had other issues in the past with the standard Firefox x86 builds too.
                          Mainly the issue on x86 is that you cannot see embedded youtube vids when using https://www.calguns.net ...

                            Comment

                            • #8
                              Pauliedad
                              CGN/CGSSA Contributor - Lifetime
                              CGN Contributor - Lifetime
                              • Dec 2012
                              • 2095
                              What?

                                Comment

                                • #9
                                  the86d
                                  Calguns Addict
                                  • Jul 2011
                                  • 9587
                                  Originally posted by Pauliedad
                                  What?


                                  Please quote someone, so we know who's post the "What?" is referencing.
                                  Last edited by the86d; 03-16-2015, 7:00 AM.

                                    Comment

                                    • #10
                                      msternin
                                      CGN/CGSSA Contributor
                                      CGN Contributor
                                      • Jan 2015
                                      • 881
                                      Originally posted by Pauliedad
                                      What?
                                      The OP needs to adjust his Flux Capacitor, and all should be well.

                                        Comment

                                        • #11
                                          skunkbad
                                          Member
                                          • Nov 2012
                                          • 147
                                          Just for kicks, this is my about:config w/ search for tls:



                                          It's likely that calguns may be using a weak verion of TLS/SSL, and until they update, you're out of luck.

                                          Regarding the image, keep in mind I'm just running std Firefox on 64 bit Ubuntu. (36.0.1)
                                          Attached Files
                                          Last edited by skunkbad; 03-16-2015, 4:30 PM. Reason: more info

                                            Comment

                                            • #12
                                              msternin
                                              CGN/CGSSA Contributor
                                              CGN Contributor
                                              • Jan 2015
                                              • 881
                                              Originally posted by skunkbad
                                              Just for kicks, this is my about:config w/ search for tls:



                                              It's likely that calguns may be using a weak verion of TLS/SSL, and until they update, you're out of luck.

                                              Regarding the image, keep in mind I'm just running std Firefox on 64 bit Ubuntu. (36.0.1)
                                              Not really knowing the CGN setup, ie: hosted, VM, single instance, load balanced, etc... You may be doing the entire community a favor by limiting or not using secure connections. As we all know, the secure connection setup, encrypt/decrypt process is taxing on single instances, especially within a virtual environment (if that's how they're setup). Again, not knowing the setup, it's likely they do not have any type of dedicated SSL/TLS front-end offload appliance or SSL accelerator.

                                              Just a thought.

                                                Comment

                                                Previous template Next

                                                Calguns.net Statistics

                                                Collapse
                                                Topics: 1,861,695   Posts: 25,084,169   Members: 355,415   Active Members: 5,192
                                                Welcome to our newest member, scentedtrunk.

                                                What's Going On

                                                Collapse

                                                There are currently 3626 users online. 43 members and 3583 guests.

                                                Most users ever online was 65,177 at 8:20 PM on 09-21-2024.

                                                Working...
                                                UA-8071174-1