Desiree wrote on 27/10/14 11.20:
On 10/26/2014 9:09 AM, Gabriel wrote:
This is weird! Trying to access: https://www.norse-corp.com/careers.html
I see the error "Cannot communicate securely with peer: no common encryption
algorithm(s). (Error code: ssl_error_no_cypher_overlap)"
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:33.0)
Gecko/20100101 Firefox/33.0 SeaMonkey/2.30
Build identifier: 20141014004953
It works with Firefox 33.0.1 but it shows an alert sign in the URL bar (I think
about mixed content).
G.
No one should have SSL 3 enabled! POODLE vulnerability has killed SSL 3.
I get the same message at your site on SeaMonkey 2.30, Pale Moon 25.0.2 (where
the dev has disabled SSL 3) and Fx 24.8 ESR.
Qualys report https://www.ssllabs.com/ssltest/analyze.html?d=norse-corp.com on
that site indicates that ONLY SSL 3 is used! The site claims they have
mitigated the POODLE risk but that site should be reported as broken. Mozilla
will be permanently disabling SSL3 soon and Mozilla blog recommends that
everyone in the meantime install their new addon SSL Version control which
works on Fx, Sea Monkey, Thunderbird and sets the lowest SSL accepted to TLS
1.0. This addon is great because with a very backward and dangerous server
like that at norse-corp.com you can temporarily enable SSL3 when you absolutely
must visit that site amd then disable SSL 3 again as soon as you leave the
site. Still, you need to report the site and also complain to the site's
webmaster because you won't be able to visit the site when Mozilla permanently
disables SSL 3. Plus, no site should be using only SSL 3 these days.
[CUT]
Thank you very much for all these informations!
I sent a message to Norse Corp. about this matter.
G.
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
