Unable to access a particular site since Yesterday ...
-
-
mrclose last edited by
Version
12.17
Build
1863Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.17
Whatever all of that means?
-
mrclose last edited by
I received this on another forum as an answer.
What do you think?
Security schemes in browsers are always being tweaked by the various companies that make the browsers, sometimes a new scheme will change the way the browser functions after an update on some sites.
That appears to be the case here.
Apparently SSL 3.0 has been disabled in the latest Opera due to a big security issue, most secure sites have stopped using the SSLv3 standard because of this security issue so Opera works fine on those sites but any secure site that is still using SSLv3 will not be accessible in Opera until they update their server to abandon SSLv3.
In the meantime you will have to use a browser that retains SSLv3 compatibility for those outdated https sites.
-
-
mrclose last edited by
Just that one.
As I said, it does open with my other browsers, just not with opera any longer.
Have used opera for years on the site.
-
blackbird71 last edited byOpera 12.14 (which I've modified to block any SSL3) fails as you've described. If I allow SSL3 transactions in 12.14, then it proceeds to the log-in page. Qupzilla 1.8.2 (which supposedly has some protection against SSL exploits, though I question how much) allows the log-in page to appear as well. Below is the response from FireFox (which has Mozilla's latest extension-patch installed to block SSL3 in it):
"Secure Connection Failed
An error occurred during a connection to ws1.aholdusa.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Errorcode: ssl-error-no-cypher-overlap)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."
(BB NOTE: the error code contains underscores instead of dashes... but I can't get the markdown coding in this forum to render it.)
I strongly suspect this all stems from the mass of confusion now surrounding how to best deal with the evaporation of SSL3 security via the very recent "Poodle" exploit and how various websites are responding to that situation, especially if they formerly operated using SSL3. Different browsers may deal differently with the various levels of TLS and whether/how they decrement TLS levels if the highest ones aren't successfully implemented in their communications with a site. Likewise, the site may be coded to respond differently now to a given browser user-agent-string than it did in the recent past. The net effect is that if the TLS-level handshaking, the necessary encryption protocols, the browser ID, and the appropriate certs don't all match up adequately, the connection fails. My guess is that the site (or its server host) has implemented something that is suddenly interfering with certain browser configurations being able to establish an appropriate SSL link.
-
-
christoph142 last edited by
Opera ASA remotely disabled SSLv3 on all Opera Presto installations to fight POODLE.
Your mentioned site is probably one of those 1% that still don't support any proper security protocol.You can read more about it here.
-
blackbird71 last edited by
What are those TTLLSSLLSSSssses?
Both SSL and TLS refer to Internet security protocols. "TLS" (transport layer security) protocols grew out of (but is intended to eventually replace) the SSL (secure socket layer) protocols. Because 'eventually' has not yet fully happened, there's currently some overlap, and the SSL, TLS, and https terms are often blurred. TLS 1, 1.1, and 1.2 (along with their associated protocols and ciphers) are the current TLS versions, with 1.3 still in the works. SSL3 is the term applied to a manifestation of SSL. The two kinds of protocols (TLS and SSL) differ in what ports are used, what the handshaking sequence is, and various other details. The key point is that the "Poodle" exploit has shown that SSL3 can be readily be broken procedurally and is no longer deemed able to preserve user data security over the Internet.
As things are supposed to work, a user's computer and a website are intended to negotiate over the best (toughest) security protocol and ciphers mutually available to use for the communications session. If a given form is not available, then the next best form is negotiated, and so on. Not all sites bother to support the negotiation or implement it properly, and instead just push their SSL3; likewise, not all browsers handle equally the negotiation to a different-than-intial protocol level. Hence "stuff" happens, especially as SSL3 is now being deprecated, both in browsers and at sites... but not necessarily in the same way by all the players.
-
blackbird71 last edited by
Opera ASA remotely disabled SSLv3 on all Opera Presto installations to fight POODLE. ...
@christoph142, thank you for that comment! Somehow, I had run right past the statements about Presto when I earlier read the material in that link - I only picked up their references to Opera 25 and such. I commend Opera for their responsibility in sending the SSL3-disable update to existing Presto installations, since the data-compromise threat otherwise is very real and will only become more so in coming weeks.
-
-
blackbird71 last edited by
So, am I officially disabled or am I TLS'd?
Make sure by checking: Ctrl+F12 > Advanced > Security > Security Protocols > verify that "Enable SSL3" is UNchecked > OK > OK. Though whether you're officially disabled might require a doctor's assessment.
-
A Former User last edited by
Yeah, I've made sure;)
And by the way, this site's - TLS v1.2 128 bit AES (1024 bit DHE_RSA/SHA).
-
blackbird71 last edited by
... this site's - TLS v1.2 128 bit AES (1024 bit DHE_RSA/SHA)?
That means it's using the TLS 1.2 protocol version, and the other terms refer to the encryption standard and cipher suites being used.
-
blackbird71 last edited by
(duplicate post deleted - BB. Something keeps mis-firing with the forum right now where edits are sometimes being posted as new posts.)
-
rseiler last edited by
News of this unprompted update was slipped in at the end of this blog post, in case anyone was curious:
http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacksIt has a most negative impact here (12.17, Windows 8.1) in that it causes Opera to crash. I've had quite a fun week changing the settings back, only to find them flipped again. I'm not sure why security protocols would cause this, but they definitely do, at least here. I'm curious if anyone else has seen it happen.
I need the original settings: SSL3 and TLS1 on only for stability. When they're flipped off and TLS2/TLS3 are flipped on, at some seemingly random point later, Opera crashes.
I'm not quite sure yet how to stop Opera from changing it on me, as disabling automatic updates doesn't do it. Blocking autoupdate.opera.com at the hosts/firewall level may do it, but that's not confirmed.
-
blackbird71 last edited by
News of this unprompted update was slipped in at the end of this blog post, in case anyone was curious:
http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks
It has a most negative impact here (12.17, Windows 8.1) in that it causes Opera to crash. I've had quite a fun week changing the settings back, only to find them flipped again. I'm not sure why security protocols would cause this, but they definitely do, at least here. I'm curious if anyone else has seen it happen.
I need the original settings: SSL3 and TLS1 on only for stability. When they're flipped off and TLS2/TLS3 are flipped on, at some seemingly random point later, Opera crashes.
I'm not quite sure yet how to stop Opera from changing it on me, as disabling automatic updates doesn't do it. Blocking autoupdate.opera.com at the hosts/firewall level may do it, but that's not confirmed.I've not had any instability issues with my several Presto Opera versions since the SSL3 updating was announced. However, I had already manually disabled SSL3 on them some time back, when suspicions first emerged about SSL3 security... and whether that affected Opera's 'pushed' SSL3-blocking update to my installations, I can't say.
What I have seen is some website incompatibility in the SSL3-blocked Opera versions, akin to that described in this thread, but no browser instability. Likewise, I had manually tweaked my 11.52 version back to enable SSL3 a couple of days ago, and when I checked it tonight, it was still set that way (and operating appropriately with an SSL3 test site)... so I can't verify that Opera is continually pushing a block of the SSL3 setting - at least to installations like mine that have their auto-updating "turned off".
-
rseiler last edited by
@blackbird, auto-updating turned to off didn't stop it for me. It changed it several times after doing that. So far, at least, blocking autoupdate.opera.com has stopped it, but I won't be 100% sure until tomorrow.
When you set yours manually, you're unchecking SSL3 and checking the other three items? Or are you unchecking SSL3 and leaving only TLS1 checked? I'm just wondering if the way you're setting it matches the way Opera is so we're sure that it's a direct comparison.
-
johnwaynecrazy last edited by
I'm having the same problem with Opera 12.17 randomly crashing on Windows 8.1. Sometimes it will be fine for an hour or so and then crash, sometimes it crashes back to back every few minutes. I'm using the x64 version.
I'll try changing the SSL3 setting and see if that stops the problem for me.
-
blackbird71 last edited by
... When you set yours manually, you're unchecking SSL3 and checking the other three items? Or are you unchecking SSL3 and leaving only TLS1 checked? ...
When I manually set it, I uncheck SSL3 and check (or leave checked) all the others.
