Do more on the web, with a fast and secure browser!

Download Opera browser with:

  • built-in ad blocker
  • battery saver
  • free VPN
Download Opera

Opera 12.17 no longer works with https for me

  • I've been having this problem for the last few days, too, on numerous websites that other browsers have no trouble with. I realize they may not be very interested in Presto-based Opera any more, but this is a security issue, so I really, really hope they fix this.

  • Thanks for the obscure fix for the OCSP flavor. There's another new issue with some sites though:
    Secure connection: fatal error (40) from server (Failed to connect to server. The reason may be that the encryption methods supported by the server are not enabled in the security preferences_.

    Still trying to figure that one out. This Russian thread says that it relates to Cloudfare. Apparently, the response from them is: "Yes, the Opera problem is a known issue and should be fixed on their end."
    https://archlinux.org.ru/forum/topic/14019

  • So, yes, the problem I mentioned last time, error 40, is because of CloudFlare's new free Universal SSL service, which requires a digital signature algorithm called ECDSA. As you can see by running this test, the signature algorithms section for Opera is blank:
    https://www.ssllabs.com/ssltest/viewMyClient.html

    I engaged in an extended tech support back-and-forth with CloudFlare, and that's a hopeless avenue, trust me. Even their supported browsers list is wrong:
    https://www.cloudflare.com/ssl#browsers

    Opera 8?! Uh, no.

    BTW, TLS 1.1 is not enabled by default in Opera, but it's easily enabled in Prefs. It doesn't help though.

    So, if Universal SSL catches on, it's the end of the Opera 12 line. So far that I've found, it's limited to obscure sites like the one I mentioned last time and this one:
    https://dabr.eu

    Fortunately, CloudFlare's paid service doesn't seem to have the issue. If it did, Opera 12 would have already been over.

  • Opera 8?! Uh, no.

    Fyi, Opera 8.54 works fine there, after you accept RSA certificate. Same with IE7.

  • Fyi, Opera 8.54 works fine there, after you accept RSA certificate. Same with IE7.

    That's incredible. I wonder why.

  • Has anyone figured out a workaround for Error 40 yet, or at least an explanation for how an ancient version of Opera (apparently) works yet v12 doesn't? Sites that use ECDSA continue to grow.

  • In checking the https://www.ssllabs.com/ssltest/viewMyClient.html site, if I employ Opera 12.14 with TLS 1.2 (and TLS 1.1 and 1) enabled, the site identifies signature algorithms of: SHA256/RSA, SHA1/RSA, MD5/RSA, SHA1/DSA. If I disable TLS 1.2, leaving enabled TLS 1.1 (and TLS 1), and revisit the site, it indeed identifies no available signature algorithms and warns the visitor about his browser not supporting TLS 1.2. (Performance is identical using Opera 11.52). It appears that the site and/or Opera doesn't provide for signature algorithms at TLS 1.1 or below.

    Also, FWIW and from what I can determine, Opera 6.x through 8.x employed protocols SSL2, SSL3, and TLS 1.0. Opera 9.x employed SSL 2 (but was not set as default), SSL3, TLS 1.0, and added TLS 1.1 support. Somewhere after 9.x (either with 10.x or 11.x), SSL 2 was dropped entirely and TLS 1.2 support was added... that being the situation with my copies of Opera 11.x and 12.x. (My Opera 10.x copy has 'gone away', so I can't check it.)

  • Signature algorithms SHA256/ECDSA, SHA384/ECDSA, and SHA1/ECDSA are probably the ones that are key to this (and maybe "Elliptic curves" too, whatever that is) for the Error 40 sites to actually work. Though I find it very hard to believe that those magically exist in 8.54.

  • Anyone find a solution for this?

  • @mxxxw This will not be changed in Opera 12.
    Use Opera 26.

  • "Use Opera 26." LMFAO!

    Already have a backup browser, heavily modified FF. Just wanted to know if there's some sort of "hack" like the Google making you use the old web UI if you don't make it think you are using FF.

  • @mxxxw I said Opera 12 will not get any fixes related to new SSL ciphers. You cant enabled ciphers not programmed in Operas 12's internal SSL lib. There is no hack to activate nonextstent program features.

  • @mxxxw

    The problem web-site hosted by Cloudfire, ins't?

    Try to import chr... Opera's root certs to the Opera 12.

    1. Download archive: https://app.box.com/s/5p00vediw04ds7xkxwgg
    2. Close Opera
    3. Extract archive to your Opera's profile folder (don't forget to backup all *.dat files before any manipulations). Replace(rewrite) original *.dat files with files from zip-archive.

    This should fix the issue with Cloudfire/SSL !

  • Some are hosted by Cloudfire, but not all. Yes, it's the Error 40 I get. But sadly , replacing the existing cert files did not help.

  • Opera 12 has really strange problems with some websites and TLS.

    I have recognized:

    • Some websites hosted on Cloudflare servers
    • some websites hosted elsewhere but have Cloudflare SSL certificates
    • some websites have only modern cryptografic ciphers
    • Some websites Opera has stranges OCSP problems

    So i have to use Firefox or new Opera.

  • @mxxxw
    Can you provide an URL that causes the problem with SSL? What is your Opera's version - x86 or x64?

    Some are hosted by Cloudfire, but not all. Yes, it's the Error 40 I get. But sadly , replacing the existing cert files did not help.

    Hmmm. The new root certificates did helped me! At least, an web-site that uses certificate issued by Cloudfire works now. With old Opera's certs it didn't worked ( "connection failed", "fatal error (40)" ).

    But works now: https://archlinux.org.ru/

    Cert:
    Holder: ssl2000.cloudflare.com, CloudFlare, Inc.
    Issuer: GlobalSign Organization Validation CA - G2, GlobalSign nv-sa
    Expires: 12.10.2015 10:08:00 GMT
    Encryption protocol TLS v1.0 128 bit AES (2048 bit RSA/SHA)

    p.s. Tested in Opera 12.17 x64 (Win7 x64)

  • Tested in Ubuntu 13.04 / Opera 12.14 x86. Works too for me (with replaced root certs)!

  • No effect here (eztv.it, dabr.eu, archlinux.org.ru, etc).

    @stng, where did those files come from and what gave you the idea that they would work? Why do they seemingly work for some people? And since the files are updated every single time you run Opera, even if they did work, what good are they?

  • @stng

    Try to import chr... Opera's root certs to the Opera 12.

    Download archive: https://app.box.com/s/5p00vediw04ds7xkxwgg
    Close Opera
    Extract archive to your Opera's profile folder (don't forget to backup all *.dat files before any manipulations). Replace(rewrite) original *.dat files with files from zip-archive.

    You should explain where to get the other/missing certificates and how to import, to get it work.
    Replacing opera certs files from a unknwon dropbox is not very secure!
    I would never trust such download!!!

  • Or better, what he changed in which cert to make a difference.

    Upon disabling TLS 1.1/1.2, I found that with the above files I can get to archlinux.org.ru but not the other two sites I mentioned (and probably many more sites), so it's not a full solution. We may be close to a solution with more information from stng.

Log in to reply