SM 2.30 (and FF 33.0) cannot connect to SSL localhost anymore

I'm really upset!
I had this problem with the latest update of FF to v. 33.0 and now the same is 
with SM 2.30 OSX (Snow Leopard).

I cannot connect to my local Webmin on "https://localhost:nnn/"  (the same with 
the local name or 127.0.0.1 IP, 'nnn' is the port number) because of the error 
"An error occurred during a connection to 127.0.0.1:nnn. The key does not 
support the requested operation. (Error code: sec_error_invalid_key)".
The local certificate is already in the exception list.
Webmin is the latest version 1.710 and all the components are up to date (such 
as OpenSSL)

SM build:
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:33.0) 
Gecko/20100101 Firefox/33.0 SeaMonkey/2.30
Build identifier: 20141014004953

Does anyone know how to force SM or FF to connect or how to fix the problem?

Thank you!

Gabriel
-2
Gabriel
10/17/2014 6:12:38 PM

Gabriel wrote:
> I'm really upset!
> I had this problem with the latest update of FF to v. 33.0 and now the
> same is with SM 2.30 OSX (Snow Leopard).
>
> I cannot connect to my local Webmin on "https://localhost:nnn/"  (the
> same with the local name or 127.0.0.1 IP, 'nnn' is the port number)
> because of the error "An error occurred during a connection to
> 127.0.0.1:nnn. The key does not support the requested operation. (Error
> code: sec_error_invalid_key)".
> The local certificate is already in the exception list.
> Webmin is the latest version 1.710 and all the components are up to date
> (such as OpenSSL)
>
> SM build:
> User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:33.0)
> Gecko/20100101 Firefox/33.0 SeaMonkey/2.30
> Build identifier: 20141014004953
>
> Does anyone know how to force SM or FF to connect or how to fix the
> problem?
>
> Thank you!
>
> Gabriel

Why do you need a secure connection to the localhost?  It is your own 
computer.

-1
EE
10/17/2014 7:16:11 PM
EE wrote:
> Gabriel wrote:
>> I'm really upset!
>> I had this problem with the latest update of FF to v. 33.0 and now the
>> same is with SM 2.30 OSX (Snow Leopard).
>>
>> I cannot connect to my local Webmin on "https://localhost:nnn/"  (the
>> same with the local name or 127.0.0.1 IP, 'nnn' is the port number)
>> because of the error "An error occurred during a connection to
>> 127.0.0.1:nnn. The key does not support the requested operation. (Error
>> code: sec_error_invalid_key)".
>> The local certificate is already in the exception list.
>> Webmin is the latest version 1.710 and all the components are up to date
>> (such as OpenSSL)
>>
>> SM build:
>> User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:33.0)
>> Gecko/20100101 Firefox/33.0 SeaMonkey/2.30
>> Build identifier: 20141014004953
>>
>> Does anyone know how to force SM or FF to connect or how to fix the
>> problem?
>>
>> Thank you!
>>
>> Gabriel
>
> Why do you need a secure connection to the localhost?  It is your own
> computer.
>

You know Google reported a hole in SSL at the start of the week?  It was 
around the time the latest Firefox came out and they were planning to 
disable SSL support with the next level in mid November.
I don't have the newest Seamonkey yet (it has not propagated to my Linux 
distribution yet) but Apple *may* possibly have taken this step already. 
  Firefox disabled configuration except by about:config last year but 
Seamonkey did not.

Preferences -> Privacy & Security -> SSL -> SSL Protocol Versions.
Is SSL 3.0 enabled?
btw:
- the checked boxes have to be contiguous.
- SSL 3.0 < TLS 1.0.

Google will tell you how to do this for Firefox.  It was non-intuitive 
to me.

The hole in SSL was large enough to make disabling it a sensible idea. 
My preference would be towards leaving it off rather than keeping it for 
localhost.
-1
A
10/17/2014 7:33:01 PM
On 10/17/2014 12:33 PM, A Williams wrote:
> EE wrote:
>> Gabriel wrote:
>>> I'm really upset!
>>> I had this problem with the latest update of FF to v. 33.0 and now the
>>> same is with SM 2.30 OSX (Snow Leopard).
>>>
>>> I cannot connect to my local Webmin on "https://localhost:nnn/"  (the
>>> same with the local name or 127.0.0.1 IP, 'nnn' is the port number)
>>> because of the error "An error occurred during a connection to
>>> 127.0.0.1:nnn. The key does not support the requested operation. (Error
>>> code: sec_error_invalid_key)".
>>> The local certificate is already in the exception list.
>>> Webmin is the latest version 1.710 and all the components are up to date
>>> (such as OpenSSL)
>>>
>>> SM build:
>>> User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:33.0)
>>> Gecko/20100101 Firefox/33.0 SeaMonkey/2.30
>>> Build identifier: 20141014004953
>>>
>>> Does anyone know how to force SM or FF to connect or how to fix the
>>> problem?
>>>
>>> Thank you!
>>>
>>> Gabriel
>>
>> Why do you need a secure connection to the localhost?  It is your own
>> computer.
>>
> 
> You know Google reported a hole in SSL at the start of the week?  It was 
> around the time the latest Firefox came out and they were planning to 
> disable SSL support with the next level in mid November.
> I don't have the newest Seamonkey yet (it has not propagated to my Linux 
> distribution yet) but Apple *may* possibly have taken this step already. 
>   Firefox disabled configuration except by about:config last year but 
> Seamonkey did not.
> 
> Preferences -> Privacy & Security -> SSL -> SSL Protocol Versions.
> Is SSL 3.0 enabled?
> btw:
> - the checked boxes have to be contiguous.
> - SSL 3.0 < TLS 1.0.
> 
> Google will tell you how to do this for Firefox.  It was non-intuitive 
> to me.
> 
> The hole in SSL was large enough to make disabling it a sensible idea. 
> My preference would be towards leaving it off rather than keeping it for 
> localhost.
> 


It is a good idea when mentioning security issues like this to 'cite'
some references. Here are a few:

<http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html>
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
<https://bugzilla.mozilla.org/show_bug.cgi?id=1076983>
<http://threatpost.com/browser-vendors-move-to-disable-sslv3-in-wake-of-poodle-attack/108852>
<https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/>


-1
NoOp
10/18/2014 3:53:08 AM
EE wrote on 17/10/14 21.16:

>
> Why do you need a secure connection to the localhost?  It is your own computer.
>

Because that's the standard way Webmin works.
And I think a browser should not argue about what kind of certificate and 
cypher I use to connect to my localhost!

G.
1
Gabriel
10/18/2014 9:29:17 AM
A Williams wrote on 17/10/14 21.33:

> You know Google reported a hole in SSL at the start of the week?  It was around
> the time the latest Firefox came out and they were planning to disable SSL
> support with the next level in mid November.

Hi,

yes I already knew about the SSL3 bug.


> I don't have the newest Seamonkey yet (it has not propagated to my Linux
> distribution yet) but Apple *may* possibly have taken this step already.
>   Firefox disabled configuration except by about:config last year but Seamonkey
> did not.
>
> Preferences -> Privacy & Security -> SSL -> SSL Protocol Versions.
> Is SSL 3.0 enabled?
> btw:
> - the checked boxes have to be contiguous.
> - SSL 3.0 < TLS 1.0.

It does not work.
The error is not about the cypher used, but about the certificate not being 
recognised even if it's in the exception list. I do have SSL3 enabled on SM.


>
> Google will tell you how to do this for Firefox.  It was non-intuitive to me.

I agree with you.

>
> The hole in SSL was large enough to make disabling it a sensible idea. My
> preference would be towards leaving it off rather than keeping it for localhost.

Disabling SSL3 by default will forbid you to connect to a lot of services, most 
of them on shared hostings; at least this is how FF now works (badly) if you 
try to connect on ports used by webmails, cPanel and such.
I think the user should still have the choice.

G.
1
Gabriel
10/18/2014 9:42:48 AM
On 10/18/2014 02:42 AM, Gabriel wrote:
> A Williams wrote on 17/10/14 21.33:
> 
>> You know Google reported a hole in SSL at the start of the week?  It was around
>> the time the latest Firefox came out and they were planning to disable SSL
>> support with the next level in mid November.
> 
> Hi,
> 
> yes I already knew about the SSL3 bug.
> 
> 
>> I don't have the newest Seamonkey yet (it has not propagated to my Linux
>> distribution yet) but Apple *may* possibly have taken this step already.
>>   Firefox disabled configuration except by about:config last year but Seamonkey
>> did not.
>>
>> Preferences -> Privacy & Security -> SSL -> SSL Protocol Versions.
>> Is SSL 3.0 enabled?
>> btw:
>> - the checked boxes have to be contiguous.
>> - SSL 3.0 < TLS 1.0.
> 
> It does not work.
> The error is not about the cypher used, but about the certificate not being 
> recognised even if it's in the exception list. I do have SSL3 enabled on SM.
> 
> 
>>
>> Google will tell you how to do this for Firefox.  It was non-intuitive to me.
> 
> I agree with you.
> 
>>
>> The hole in SSL was large enough to make disabling it a sensible idea. My
>> preference would be towards leaving it off rather than keeping it for localhost.
> 
> Disabling SSL3 by default will forbid you to connect to a lot of services, most 
> of them on shared hostings; at least this is how FF now works (badly) if you 
> try to connect on ports used by webmails, cPanel and such.
> I think the user should still have the choice.
> 
> G.
> 
Check to see if your system mozilla-nss is up to date:

<https://support.mozilla.org/en-US/questions/968257>
<http://stackoverflow.com/questions/26389964/firefox-33-0-wont-open-a-specific-local-application-error-code-sec-error-inva>
-1
NoOp
10/19/2014 12:01:13 AM