Date:      Tue, 31 Aug 2021 17:12:29 -0400 (EDT)
From:      Doug Denault <doug@safeport.com>
To:        Pete Wright <pete@nomadlogic.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: firefox 90.0.2,2 will not load mozilla.com
Message-ID:  <alpine.BSF.2.00.2108311707270.70709@bucksport.safeport.com>
In-Reply-To: <ab072ae5-e1d4-0a7c-d7fb-916ed870d45d@nomadlogic.org>
References:  <alpine.BSF.2.00.2108311619560.70709@bucksport.safeport.com> <ab072ae5-e1d4-0a7c-d7fb-916ed870d45d@nomadlogic.org>

On Tue, 31 Aug 2021, Pete Wright wrote:

> On 8/31/21 1:26 PM, Doug Denault wrote:
>> I needed thunderbird on my 12.2 system. Installing that with pkg upgraded 
>> firefox.
>> 
>> Most sites get the error:
>> 
>> Your connection is not secure
>> 
>> The website tried to negotiate an inadequate level of security.
>> 
>> www.mozilla.com uses security technology that is outdated and vulnerable to 
>> attack. An attacker could easily reveal information which you thought to be 
>> safe. The website administrator will need to fix the server first before 
>> you can visit the site.
>> 
>> Error code: NS_ERROR_NET_INADEQUATE_SECURITY
>> 
>> Others without security (for me) include american.express, google.com, 
>> amazon.com and youtube.com. freebsd.org works. As far as I can tell this 
>> only affects me.
>> 
>
> couple things worth checking:
> - make sure ca_root_nss is on latest version (I'm on v3.69 and not seeing 
> this issue)
> - make sure your system clock is in sync
>
> for debugging, maybe try accessing a site via curl.  it may report a more 
> helpful error message, or if it works it's possible the issue is isolated to 
> firefox.

Thanks Pete, I did update ca_root [ca_root_nss: 3.58 -> 3.63]. Clocks are 
sync'd using FreeBSD defaults and, curl gave no output. Chrome works. It 
seems clear that the lack of any others there is something firefox does not 
like about my setup.

Doug

_____
Douglas Denault
http://www.safeport.com
doug@safeport.com
Voice: 301-217-9220
   Fax: 301-217-9277
Subject: Re: firefox 90.0.2,2 will not load mozilla.com
To: freebsd-questions@freebsd.org
References: <alpine.BSF.2.00.2108311619560.70709@bucksport.safeport.com>
 <ab072ae5-e1d4-0a7c-d7fb-916ed870d45d@nomadlogic.org>
 <alpine.BSF.2.00.2108311707270.70709@bucksport.safeport.com>
From: Graham Perrin <grahamperrin@gmail.com>
Message-ID: <8b46adef-694b-a93c-10a1-41a1b1ab12f6@gmail.com>
Date: Wed, 1 Sep 2021 04:49:12 +0100
In-Reply-To: <alpine.BSF.2.00.2108311707270.70709@bucksport.safeport.com>

On 31/08/2021 22:12, Doug Denault wrote:

>>> … www.mozilla.com uses security technology that is outdated and 
>>> vulnerable to attack. An attacker could easily reveal information 
>>> which you thought to be safe. The website administrator will need to 
>>> fix the server first before you can visit the site.
>>>
>>> Error code: NS_ERROR_NET_INADEQUATE_SECURITY
>>>
>>> Others without security (for me) include american.express, 
>>> google.com, amazon.com and youtube.com. freebsd.org works. As far as 
>>> I can tell this only affects me.
>>>
>>
>> couple things worth checking:
>> - make sure ca_root_nss is on latest version (I'm on v3.69 and not 
>> seeing this issue)
>> - make sure your system clock is in sync
>>
>> for debugging, maybe try accessing a site via curl.  it may report a 
>> more helpful error message, or if it works it's possible the issue is 
>> isolated to firefox.
>
> Thanks Pete, I did update ca_root [ca_root_nss: 3.58 -> 3.63]. Clocks 
> are sync'd using FreeBSD defaults and, curl gave no output. Chrome 
> works. It seems clear that the lack of any others there is something 
> firefox does not like about my setup. 


Do you get the same error for <https://www.mozilla.org/en-GB/firefox/>? 
(The site to which <http://www.mozilla.com/> redirects, for me in the UK.)



