Thank you for the reply - most helpful. Regards Habs
On 27 February 2017 at 11:24, jc_gargma <[email protected]> wrote: > > Error code: SSL_ERROR_UNSAFE_NEGOTIATION > This error is due to the site not supporting RFC 5746. > Without it the browser has no way of knowing whether the site is > vulnerable to > a potential MITM attack, and therefore assumes the connection is unsafe. > > Contacting the site owners might help in the long run, though not all sites > are receptive to unsolicited security advice. > > In the meantime, if you really need to access those sites, you can toggle > security.ssl.require_safe_negotiation > to false in about:config > > > I did notice during one of these scenarios, that Firefox was reporting > > TLS1.0. It led me wonder if it is a settings issue on what level of ssl > > components are acceptable. > IceCat used to require at least TLS 1.2 by default. > It no longer does, but it's possible your settings are inherited from a > previous version. > In such a case, you may also need to set > security.tls.version.min > to 1 > > > In some cases, Icecat reports an unsafe/unencrypted session and no valid > or > > invalid certificate is available, when Firefox states for the same page > it > > is ok (and I can browse the certificate details etc). > > > > Is Icecat setup by default to be less forgiving towards what it receives > > SSL wise, bearing in mind I have not changed any ssl related settings in > > either browser? > Yes, but TLS 1.2 and cipher settings have been relaxed in recent versions > due > to how many sites were broken by default. > > > -jc > > -- > http://gnuzilla.gnu.org > >
-- http://gnuzilla.gnu.org
