Access Keys:
Skip to content (Access Key - 0)

Q: Secure Connection Failed - authenticity could not be verified

  • Question: Help, my Firefox 3.5 on Linux sometimes gives vague certificate error pages like

    "Secure Connection Failed: An error occurred during a connection to example.mit.edu. The page you are trying to view can not be shown because the authenticity of the received data could not be verified."

  • What's going on?

Context

  • Firefox 3.5
  • Linux
  • Sites that use SSL Renegotiation

SSL Renegotiation is not common, but here are some examples of sites where this problem has been reported:

Answer

  • Certain versions of Firefox on Linux disable an SSL option (called "SSL Renegotiation") because of security concerns. Sites that rely on SSL renegotiation will not work with the affected versions of Firefox.
  • Future versions of firefox may solve the security problem and re-enable SSL renogiation.
  • In the mean time, if you use Firefox on Linux and you have this problem for certain websites, one fix is to set a variable that will re-enable the SSL option before you launch Firefox. The following two commands will set the variable and launch firefox:

    (These lines assume you are using the Bash shell.)

  • Note that setting this variable means that your browser becomes more vulnerable to a type of attacks known as "man in the middle" attacks. A clever attacker could interpose themselves between (say) your bank website and your browser and act as a man in the middle, intercepting and inspecting all communication between you and the website that you thought was secure.
  • The level of risk is small, but if you want to avoid the risk, take care to only set the NSS_SSL_ENABLE_RENEGOTIATION variable when you need to access an affected site (like MIT > Ecat > Sciquest). When you are done with the site, close your Firefox, close the window where you had set the variable, and then launch a fresh new Firefox from a different window.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

March 01, 2010

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
firefox firefox Delete
3 3 Delete
5 5 Delete
certificates certificates Delete
linux linux Delete
ssl ssl Delete
c-firefox c-firefox Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki