Unable to access a particular site since Yesterday ...

  • Up until yesterday I have always been able to access the following site with no problem.
    https://ws1.aholdusa.com/jgpromos/homeaccess/index.htm

    Now, no matter what I do (clearing cache, reboot, manually typing the url address) it wont open?

    I continue to get "Unable to complete secure transaction" .. "Check that the address is spelled correctly, or "try searching for the site."

    It isn't a problem with the https url because my bank and other secure sites still work.
    It is an opera browser problem because all of my other browsers will open the page.
    (firefox, pale moon, IE, chrome)
    (I am using the latest opera update)

    I would appreciate any suggestions as to what the problem might be.

    Thank You

    [Mod Edit: Changed vague/non-descriptive topic title to something a little less vague]

  • I also get this page:

    You tried to access the address https://ws1.aholdusa.com/jgpromos/homeaccess/index.htm, which is currently unavailable. Please make sure that the web address (URL) is correctly spelled and punctuated, then try reloading the page.

    Secure connection: fatal error (47)

  • Which version of Opera? The page loads fine here on Stable 25 and developer 26.

  • Version
    12.17
    Build
    1863

    Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.17

    Whatever all of that means?

  • I received this on another forum as an answer.

    What do you think?

    Security schemes in browsers are always being tweaked by the various companies that make the browsers, sometimes a new scheme will change the way the browser functions after an update on some sites.

    That appears to be the case here.

    Apparently SSL 3.0 has been disabled in the latest Opera due to a big security issue, most secure sites have stopped using the SSLv3 standard because of this security issue so Opera works fine on those sites but any secure site that is still using SSLv3 will not be accessible in Opera until they update their server to abandon SSLv3.

    In the meantime you will have to use a browser that retains SSLv3 compatibility for those outdated https sites.

  • Do you have problems with other secure sites or just with that one?

  • Just that one.

    As I said, it does open with my other browsers, just not with opera any longer.

    Have used opera for years on the site.

  • Opera 12.14 (which I've modified to block any SSL3) fails as you've described. If I allow SSL3 transactions in 12.14, then it proceeds to the log-in page. Qupzilla 1.8.2 (which supposedly has some protection against SSL exploits, though I question how much) allows the log-in page to appear as well. Below is the response from FireFox (which has Mozilla's latest extension-patch installed to block SSL3 in it):

    "Secure Connection Failed

    An error occurred during a connection to ws1.aholdusa.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Errorcode: ssl-error-no-cypher-overlap)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."

    (BB NOTE: the error code contains underscores instead of dashes... but I can't get the markdown coding in this forum to render it.)

    I strongly suspect this all stems from the mass of confusion now surrounding how to best deal with the evaporation of SSL3 security via the very recent "Poodle" exploit and how various websites are responding to that situation, especially if they formerly operated using SSL3. Different browsers may deal differently with the various levels of TLS and whether/how they decrement TLS levels if the highest ones aren't successfully implemented in their communications with a site. Likewise, the site may be coded to respond differently now to a given browser user-agent-string than it did in the recent past. The net effect is that if the TLS-level handshaking, the necessary encryption protocols, the browser ID, and the appropriate certs don't all match up adequately, the connection fails. My guess is that the site (or its server host) has implemented something that is suddenly interfering with certain browser configurations being able to establish an appropriate SSL link.

  • What are those TTLLSSLLSSSssses?

  • Opera ASA remotely disabled SSLv3 on all Opera Presto installations to fight POODLE.
    Your mentioned site is probably one of those 1% that still don't support any proper security protocol.

    You can read more about it here.

  • What are those TTLLSSLLSSSssses?

    Both SSL and TLS refer to Internet security protocols. "TLS" (transport layer security) protocols grew out of (but is intended to eventually replace) the SSL (secure socket layer) protocols. Because 'eventually' has not yet fully happened, there's currently some overlap, and the SSL, TLS, and https terms are often blurred. TLS 1, 1.1, and 1.2 (along with their associated protocols and ciphers) are the current TLS versions, with 1.3 still in the works. SSL3 is the term applied to a manifestation of SSL. The two kinds of protocols (TLS and SSL) differ in what ports are used, what the handshaking sequence is, and various other details. The key point is that the "Poodle" exploit has shown that SSL3 can be readily be broken procedurally and is no longer deemed able to preserve user data security over the Internet.

    As things are supposed to work, a user's computer and a website are intended to negotiate over the best (toughest) security protocol and ciphers mutually available to use for the communications session. If a given form is not available, then the next best form is negotiated, and so on. Not all sites bother to support the negotiation or implement it properly, and instead just push their SSL3; likewise, not all browsers handle equally the negotiation to a different-than-intial protocol level. Hence "stuff" happens, especially as SSL3 is now being deprecated, both in browsers and at sites... but not necessarily in the same way by all the players.

  • Opera ASA remotely disabled SSLv3 on all Opera Presto installations to fight POODLE. ...

    @christoph142, thank you for that comment! Somehow, I had run right past the statements about Presto when I earlier read the material in that link - I only picked up their references to Opera 25 and such. I commend Opera for their responsibility in sending the SSL3-disable update to existing Presto installations, since the data-compromise threat otherwise is very real and will only become more so in coming weeks.

  • So, am I officially disabled or am I TLS'd? :)

  • So, am I officially disabled or am I TLS'd?

    Make sure by checking: Ctrl+F12 > Advanced > Security > Security Protocols > verify that "Enable SSL3" is UNchecked > OK > OK. Though whether you're officially disabled might require a doctor's assessment. ;)

  • Yeah, I've made sure;) :up:
    And by the way, this site's - TLS v1.2 128 bit AES (1024 bit DHE_RSA/SHA). :confused:

  • ... this site's - TLS v1.2 128 bit AES (1024 bit DHE_RSA/SHA)?

    That means it's using the TLS 1.2 protocol version, and the other terms refer to the encryption standard and cipher suites being used.

  • (duplicate post deleted - BB. Something keeps mis-firing with the forum right now where edits are sometimes being posted as new posts.)

  • News of this unprompted update was slipped in at the end of this blog post, in case anyone was curious:
    http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks

    It has a most negative impact here (12.17, Windows 8.1) in that it causes Opera to crash. I've had quite a fun week changing the settings back, only to find them flipped again. I'm not sure why security protocols would cause this, but they definitely do, at least here. I'm curious if anyone else has seen it happen.

    I need the original settings: SSL3 and TLS1 on only for stability. When they're flipped off and TLS2/TLS3 are flipped on, at some seemingly random point later, Opera crashes.

    I'm not quite sure yet how to stop Opera from changing it on me, as disabling automatic updates doesn't do it. Blocking autoupdate.opera.com at the hosts/firewall level may do it, but that's not confirmed.

  • News of this unprompted update was slipped in at the end of this blog post, in case anyone was curious:
    http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks
    It has a most negative impact here (12.17, Windows 8.1) in that it causes Opera to crash. I've had quite a fun week changing the settings back, only to find them flipped again. I'm not sure why security protocols would cause this, but they definitely do, at least here. I'm curious if anyone else has seen it happen.
    I need the original settings: SSL3 and TLS1 on only for stability. When they're flipped off and TLS2/TLS3 are flipped on, at some seemingly random point later, Opera crashes.
    I'm not quite sure yet how to stop Opera from changing it on me, as disabling automatic updates doesn't do it. Blocking autoupdate.opera.com at the hosts/firewall level may do it, but that's not confirmed.

    I've not had any instability issues with my several Presto Opera versions since the SSL3 updating was announced. However, I had already manually disabled SSL3 on them some time back, when suspicions first emerged about SSL3 security... and whether that affected Opera's 'pushed' SSL3-blocking update to my installations, I can't say.

    What I have seen is some website incompatibility in the SSL3-blocked Opera versions, akin to that described in this thread, but no browser instability. Likewise, I had manually tweaked my 11.52 version back to enable SSL3 a couple of days ago, and when I checked it tonight, it was still set that way (and operating appropriately with an SSL3 test site)... so I can't verify that Opera is continually pushing a block of the SSL3 setting - at least to installations like mine that have their auto-updating "turned off".

  • @blackbird, auto-updating turned to off didn't stop it for me. It changed it several times after doing that. So far, at least, blocking autoupdate.opera.com has stopped it, but I won't be 100% sure until tomorrow.

    When you set yours manually, you're unchecking SSL3 and checking the other three items? Or are you unchecking SSL3 and leaving only TLS1 checked? I'm just wondering if the way you're setting it matches the way Opera is so we're sure that it's a direct comparison.

Log in to reply
 

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.