- Question: Help, my Firefox 3.5 on Linux sometimes gives vague certificate error pages like
"Secure Connection Failed: An error occurred during a connection to example.mit.edu. The page you are trying to view can not be shown because the authenticity of the received data could not be verified."
- What's going on?
- Firefox 3.5
- Sites that use SSL Renegotiation
SSL Renegotiation is not common, but here are some examples of sites where this problem has been reported:
- https://solutions.sciquest.com/apps/... (MIT ECAT > Place Departmental Order)
- Certain versions of Firefox on Linux disable an SSL option (called "SSL Renegotiation") because of security concerns. Sites that rely on SSL renegotiation will not work with the affected versions of Firefox.
- Some discussions of this on the web are at http://bugs.gentoo.org/show_bug.cgi?id=304995 and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561918
- Future versions of Firefox may solve the security problem and re-enable SSL renegotiation.
- In the meantime, if you use Firefox on Linux and you have this problem for certain websites, one fix is to set a variable that will re-enable the SSL option before you launch Firefox. The following two commands will set the variable and launch Firefox:
(These lines assume you are using the Bash shell.)
- Note that setting this variable makes your browser more vulnerable to a type of attack known as a "man in the middle" attack. A clever attacker could interpose themselves between (say) your bank website and your browser and act as a man in the middle, intercepting and inspecting all communication between you and the website that you thought was secure.
- The level of risk is small, but if you want to avoid the risk, take care to only set the NSS_SSL_ENABLE_RENEGOTIATION variable when you need to access an affected site (like MIT > Ecat > Sciquest). When you are done with the site, close Firefox, close the window where you had set the variable, and then launch a fresh Firefox from a different window.
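One way to keep the setting confined to a single browser session, as the last two points recommend, is to pass the variable to the browser process alone instead of exporting it in the shell. This is an added example, not part of the original article: the helper name `run_with_renegotiation` is hypothetical, and the value `1` (the NSS setting for unrestricted renegotiation) is an assumption, since this page names the variable but not its value.

```shell
#!/bin/sh
# Added example: start a program with SSL renegotiation re-enabled for that
# one process only, so the weaker setting never lingers in the calling shell.

# Assumption: 1 is the NSS value for "unrestricted renegotiation".
# The page names the variable but does not show the value.
RENEGO_VALUE=1

# run_with_renegotiation CMD [ARGS...]   (hypothetical helper)
# Refuses to start if a process with the same name is already running:
# a second launch would normally hand off to the existing browser process,
# which was started without the variable, and the site would still fail.
run_with_renegotiation() {
    browser=$1
    if pgrep -x "$(basename "$browser")" >/dev/null 2>&1; then
        echo "$browser is already running; close it first" >&2
        return 1
    fi
    # env(1) sets the variable for the child process only. Nothing is
    # exported, so other programs started from this shell are unaffected.
    env NSS_SSL_ENABLE_RENEGOTIATION="$RENEGO_VALUE" "$@"
}

# Typical use, once the function is defined in the current shell:
#   run_with_renegotiation firefox
```

Because nothing is exported, closing that browser window ends the exposure, and a browser started normally afterwards runs with the default setting.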