Unable to access a particular site since Yesterday ...

Deleted User

Deleted User last edited by

@rseiler: is "this" what you were referring to:
"Finally, Opera 12 on desktop is taking the lead with disabling SSLv3 support! Since we are not able to apply the countermeasure to all of the remaining Opera 12 installations (and it also does not support TLS_FALLBACK_SCSV), we have remotely turned off SSLv3. This will be automatically distributed to all Opera 12 desktop installations in the next few days. We’re allowing ourselves to be a bit experimental with this, so users who have not yet upgraded to Opera 25 may see more of the broken servers, and we will get some experience in turning off SSLv3..."?

blackbird71

blackbird71 last edited by

Simply 'turning off' SSL3 shouldn't crash the browser. It might affect how or if a site responds to Opera, but it shouldn't have direct impact to Opera (the program itself). I've manipulated the Presto manual SSL/TLS settings on and off for years and never seen any adverse effects beyond some site suddenly appearing to act up (usually it appears as a notice of being unable to complete the connection). So whatever is going on would seem to be beyond just a simple flipping of the SSL3 setting... that is, there has to be more to it than just that setting alone, with regard to the crashes.

rseiler

rseiler last edited by

It is more than disabling SSL3 though: it's also enabling TLS11 and TLS12, so a total of three changes are being pushed out (though that's the way you're running without incident). I've been meaning to test just disabling SSL3 (i.e. TLS1 is the only thing enabled), but I'm not in a period right now where I can crash out again. I'll try it soon though. Unfortunately, this is not the sort of thing you can easily test in that when it happens seems completely random. I have not id'd particular sites that trigger it, so replicating it on demand isn't possible yet.

BTW, do you also have OCSP disabled? And what OS do you have?

blackbird71

blackbird71 last edited by

(Duplicate post - deleted by BB. I continue to get duplicates occasionally instead of "edited" ones upon submission in this forum)

blackbird71

blackbird71 last edited by

...
BTW, do you also have OCSP disabled? And what OS do you have?

I'm running Win7Pro-64 most of the time; occasionally I run XP. No, I've not disabled OCSP on any of my Opera installations.

A Former User

A Former User last edited by

I re-enabled SSL3 as a test, and didn't have any crashes for several hours.
The browser has just crashed again however, and I checked and SSL3 was still enabled, along with the others which I didn't change.
I've now disabled everything except TLS1, so I'll see how that goes.
I'm on 32bit XP BTW.

andrey-vi

andrey-vi last edited by

"Thanks" for "updating" Opera 12.x…

First crash for me dating back to October 16 and browser is not usable from that day because of infinite crashes.

Opera 12.17 x64, Windows 8.1 x64.

Does anyone know how to fix this?

If this is impossible I have to switch to Firefox after 10 years with Opera. Opera based on Chromium is not usable for me.

unstandable

unstandable last edited by

I am using 12.17 on Windows 8.1 and had been having the same crashing problem recently. I was able to stop the crashing by typing "opera:config" into the address bar, searching for "SSL" and checking "Enable SSL v3", then searching for "TLS" and unchecking "Enable TLS v1.1" and "Enable TLS v1.2".

rseiler

rseiler last edited by

Opera employee Håvard said (in the above blog post, comments section) that "If you manually change the tls settings through opera:config, the Opera 12.17 update system will leave them alone," so that should be one way to stop it. I haven't tested that way.

Blocking autoupdate.opera.com in hosts or firewall also prevents updating.

Original configuration (no problem):
SSL 3: ON
TLS 1: ON
TLS 1.1: OFF
TLS 1.2: OFF

Automatically changed configuration (crashes for some):
SSL 3: OFF
TLS 1: ON
TLS 1.1: ON
TLS 1.2: ON

Working alternative here:
SSL 3: OFF
TLS 1: ON
TLS 1.1: OFF
TLS 1.2: OFF

Enabling of the higher TLS's (one or both) seems to be the issue.

A Former User

A Former User last edited by

I would agree, I've been working all day with just TLS 1 checked, and had no crashes at all.

A Former User

A Former User last edited by admin

An off-topic aside, but I've been having problems, as have others, using the latest Java versions with 12.17.
https://forums.opera.com/topic/5889/java-not-working-after-new-java-install-8-25
I happened to notice when I was checking its settings that Java 7 Update 67 (the last one that seems to work with 12.17) has SSL 3.0 enabled in its default security settings, and TLS 1.0 enabled and TLS 1.1 and 1.2 disabled.

highstream

highstream last edited by

Looking good so far. Wish I'd heard about this earlier, as I've tried lots of uninstalls and sys restores the past few days trying to find the culprit. Thanks,

rseiler

rseiler last edited by

I've tried the other TLS combinations now, and at least here, if SSL3 is disabled then the only TLS you can use with stability is TLS1.

A Former User

A Former User last edited by

I've been using it today with SSL 3 disabled, and TLS 1.0, 1.1, and 1.2 all enabled, and haven't had any crashes so far (touch wood!)

A Former User

A Former User last edited by

Spoke too soon, just crashed!
;_;
Now switched TLS 1.1 and 1.2 off again.

kanstisama

kanstisama last edited by

You guys rock! Thanks for all this info. I thought I loose all my hair because of not being able to log to some sites and this random crashing!!! Argh!!!... Really annoying week!!! I will also stay on TLS 1.0 for now.

redfox-cz

redfox-cz last edited by

The only working solution is to block access to address "autoupdate.opera.com" in your firewall (or add it to the Hosts file if you don't have a FW).
I don't know why Opera team is still disabling TLS 1.1 and 1.2 remotely on all clients, if it is more secure than TLS 1.0. Some web sites require the later TLS versions and don't work with 1.0.

blackbird71

blackbird71 last edited by admin

The only working solution is to block access to address "autoupdate.opera.com" in your firewall (or add it to the Hosts file if you don't have a FW). I don't know why Opera team is still disabling TLS 1.1 and 1.2 remotely on all clients...

Have you tried the opera:config method noted above in <https://forums.opera.com/post/55410 >? Regardless, some time ago, I also blocked Opera's autoupdater (via renaming the updater file) just to be sure my own settings aren't perturbed any more. As to why Opera continues disabling TLS 1.1 and 1.2, I believe there's a definite though not universal stability problem for some users and sites if those settings are turned on with SSL3 turned off (see: <https://forums.opera.com/post/55555 > plus a myriad of past posts in various forums). I think Opera has set their update server to auto-respond to every Presto Opera startup "ping" with their SSL-TLS fix instructions. In the past, they've auto-delivered JavaScript updates and other things at that startup point, so it's not unprecedented.