Unable to access a particular site since Yesterday ...

leocg

leocg Moderator Volunteer

Do you have problems with other secure sites or just with that one?

mrclose

mrclose

Just that one.

As I said, it does open with my other browsers, just not with opera any longer.

Have used opera for years on the site.

blackbird71

blackbird71

Opera 12.14 (which I've modified to block any SSL3) fails as you've described. If I allow SSL3 transactions in 12.14, then it proceeds to the log-in page. Qupzilla 1.8.2 (which supposedly has some protection against SSL exploits, though I question how much) allows the log-in page to appear as well. Below is the response from FireFox (which has Mozilla's latest extension-patch installed to block SSL3 in it):

"Secure Connection Failed

An error occurred during a connection to ws1.aholdusa.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Errorcode: ssl-error-no-cypher-overlap)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."

(BB NOTE: the error code contains underscores instead of dashes... but I can't get the markdown coding in this forum to render it.)

I strongly suspect this all stems from the mass of confusion now surrounding how to best deal with the evaporation of SSL3 security via the very recent "Poodle" exploit and how various websites are responding to that situation, especially if they formerly operated using SSL3. Different browsers may deal differently with the various levels of TLS and whether/how they decrement TLS levels if the highest ones aren't successfully implemented in their communications with a site. Likewise, the site may be coded to respond differently now to a given browser user-agent-string than it did in the recent past. The net effect is that if the TLS-level handshaking, the necessary encryption protocols, the browser ID, and the appropriate certs don't all match up adequately, the connection fails. My guess is that the site (or its server host) has implemented something that is suddenly interfering with certain browser configurations being able to establish an appropriate SSL link.

A Former User

What are those TTLLSSLLSSSssses?

christoph142

christoph142

Opera ASA remotely disabled SSLv3 on all Opera Presto installations to fight POODLE.
Your mentioned site is probably one of those 1% that still don't support any proper security protocol.

You can read more about it here.

blackbird71

blackbird71

What are those TTLLSSLLSSSssses?

Both SSL and TLS refer to Internet security protocols. "TLS" (transport layer security) protocols grew out of (but is intended to eventually replace) the SSL (secure socket layer) protocols. Because 'eventually' has not yet fully happened, there's currently some overlap, and the SSL, TLS, and https terms are often blurred. TLS 1, 1.1, and 1.2 (along with their associated protocols and ciphers) are the current TLS versions, with 1.3 still in the works. SSL3 is the term applied to a manifestation of SSL. The two kinds of protocols (TLS and SSL) differ in what ports are used, what the handshaking sequence is, and various other details. The key point is that the "Poodle" exploit has shown that SSL3 can be readily be broken procedurally and is no longer deemed able to preserve user data security over the Internet.

As things are supposed to work, a user's computer and a website are intended to negotiate over the best (toughest) security protocol and ciphers mutually available to use for the communications session. If a given form is not available, then the next best form is negotiated, and so on. Not all sites bother to support the negotiation or implement it properly, and instead just push their SSL3; likewise, not all browsers handle equally the negotiation to a different-than-intial protocol level. Hence "stuff" happens, especially as SSL3 is now being deprecated, both in browsers and at sites... but not necessarily in the same way by all the players.

blackbird71

blackbird71

Opera ASA remotely disabled SSLv3 on all Opera Presto installations to fight POODLE. ...

@christoph142, thank you for that comment! Somehow, I had run right past the statements about Presto when I earlier read the material in that link - I only picked up their references to Opera 25 and such. I commend Opera for their responsibility in sending the SSL3-disable update to existing Presto installations, since the data-compromise threat otherwise is very real and will only become more so in coming weeks.

A Former User

So, am I officially disabled or am I TLS'd?

blackbird71

blackbird71

So, am I officially disabled or am I TLS'd?

Make sure by checking: Ctrl+F12 > Advanced > Security > Security Protocols > verify that "Enable SSL3" is UNchecked > OK > OK. Though whether you're officially disabled might require a doctor's assessment.

A Former User

Yeah, I've made sure;)
And by the way, this site's - TLS v1.2 128 bit AES (1024 bit DHE_RSA/SHA).

blackbird71

blackbird71

... this site's - TLS v1.2 128 bit AES (1024 bit DHE_RSA/SHA)?

That means it's using the TLS 1.2 protocol version, and the other terms refer to the encryption standard and cipher suites being used.

blackbird71

blackbird71

(duplicate post deleted - BB. Something keeps mis-firing with the forum right now where edits are sometimes being posted as new posts.)

rseiler

rseiler

News of this unprompted update was slipped in at the end of this blog post, in case anyone was curious:
http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks

It has a most negative impact here (12.17, Windows 8.1) in that it causes Opera to crash. I've had quite a fun week changing the settings back, only to find them flipped again. I'm not sure why security protocols would cause this, but they definitely do, at least here. I'm curious if anyone else has seen it happen.

I need the original settings: SSL3 and TLS1 on only for stability. When they're flipped off and TLS2/TLS3 are flipped on, at some seemingly random point later, Opera crashes.

I'm not quite sure yet how to stop Opera from changing it on me, as disabling automatic updates doesn't do it. Blocking autoupdate.opera.com at the hosts/firewall level may do it, but that's not confirmed.

blackbird71

blackbird71

News of this unprompted update was slipped in at the end of this blog post, in case anyone was curious:
http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks
It has a most negative impact here (12.17, Windows 8.1) in that it causes Opera to crash. I've had quite a fun week changing the settings back, only to find them flipped again. I'm not sure why security protocols would cause this, but they definitely do, at least here. I'm curious if anyone else has seen it happen.
I need the original settings: SSL3 and TLS1 on only for stability. When they're flipped off and TLS2/TLS3 are flipped on, at some seemingly random point later, Opera crashes.
I'm not quite sure yet how to stop Opera from changing it on me, as disabling automatic updates doesn't do it. Blocking autoupdate.opera.com at the hosts/firewall level may do it, but that's not confirmed.

I've not had any instability issues with my several Presto Opera versions since the SSL3 updating was announced. However, I had already manually disabled SSL3 on them some time back, when suspicions first emerged about SSL3 security... and whether that affected Opera's 'pushed' SSL3-blocking update to my installations, I can't say.

What I have seen is some website incompatibility in the SSL3-blocked Opera versions, akin to that described in this thread, but no browser instability. Likewise, I had manually tweaked my 11.52 version back to enable SSL3 a couple of days ago, and when I checked it tonight, it was still set that way (and operating appropriately with an SSL3 test site)... so I can't verify that Opera is continually pushing a block of the SSL3 setting - at least to installations like mine that have their auto-updating "turned off".

rseiler

rseiler

@blackbird, auto-updating turned to off didn't stop it for me. It changed it several times after doing that. So far, at least, blocking autoupdate.opera.com has stopped it, but I won't be 100% sure until tomorrow.

When you set yours manually, you're unchecking SSL3 and checking the other three items? Or are you unchecking SSL3 and leaving only TLS1 checked? I'm just wondering if the way you're setting it matches the way Opera is so we're sure that it's a direct comparison.

johnwaynecrazy

johnwaynecrazy

I'm having the same problem with Opera 12.17 randomly crashing on Windows 8.1. Sometimes it will be fine for an hour or so and then crash, sometimes it crashes back to back every few minutes. I'm using the x64 version.

I'll try changing the SSL3 setting and see if that stops the problem for me.

blackbird71

blackbird71

... When you set yours manually, you're unchecking SSL3 and checking the other three items? Or are you unchecking SSL3 and leaving only TLS1 checked? ...

When I manually set it, I uncheck SSL3 and check (or leave checked) all the others.

A Former User

This is interesting, as my Opera 12.17 has been crashing a lot recently too.
I thought it was being caused by the Flash plugin, but now I'm not so sure of course!
I can be using the browser perfectly normally, and suddenly without any warning or error messages, it will just suddenly shut down.
I've even seen it do it when it was minimised to the system tray and not being used!
On restart I always send the error report, but as usual it only ever says "there is no detailed information about this crash".

Deleted User

Deleted User

On restart I always send the error report, but as usual it only ever says "there is no detailed information about this crash".

Dave, the answer has to be that the devs are simply totally involved on working on the new browser. In all probability, there is not only no development of the Presto version but no maintenance of it as well. Reports of crashes are in all likelihood ignored at this juncture. That's a guess, mind you, but I would expect that is now the case.

A Former User

Almost certainly true sadly, but I don't actually remember crash reports ever saying anything other than that when Opera 12 WAS the current version!
Anyway, it's just my sad "whistling in the wind" way of trying to remind the guys at Opera that there ARE people actually still using Opera 12.
I still always send the crash reports from Windows XP to Microsoft as well, for the same reason!
:jester: