Since installing Firefox 33 a "Secure Connection Failed" error is no longer bypassable using the
"I Understand the Risks" button - it's gone!
Is it still somehow possible to ignore certificate errors? (e.g. for lazy use in local environments)
Error code: sec_error_invalid_key
7 Answers
Open Firefox's about:config
Set security.tls.insecure_fallback_hosts = (substitute the domain you're having the problem with)
Reload the page
7This problem has been reported to Mozilla in their support forum.
The reason is that Firefox 33 has fully switched to the more strict libPKIX and you can no longer disable this library and fall back to the previous NSS code.
See related Mozilla blog post and bug:
Bug 975229 - Remove NSS-based certificate verification
It appears that they will not change this behavior.
If your problem is like mine, on a webmin site, try recreating the certificate from inside webmin. It helped me get back the "make security exception" in FF 33.0!
1I had the same issue with Webmin and firefox 33. When I looked at the SSL certificate that Webmin was using, I found that it was using a 512 bit key! This must have been the default key size when I installed Webmin a couple of years ago.
Firefox 33 no longer supports keys less than 1024 bits (with good reason). See site compatibility
You can fix this right from Webmin if you use another browser that lets you bypass this type of error or if you temporarily disable SSL in webmin by setting ssl=0 in /etc/webmin/miniserv.conf and restart webmin with "/etc/init.d/webmin restart". Just login to the Webmin web UI and select: Webmin -> Webmin Configuration -> SSL Encryption -> Self Signed Certificate. Fill in the form (or leave the defaults) and then click the Create Now button. If you temporarily disabled ssl enable it with ssl=1 in /etc/webmin/miniserv.conf and restart webmin with "/etc/init.d/webmin restart". This will update your self-signed certificate for Webmin and you will now be able to access the page from Firefox 33 (With the usual browser warning about an untrusted connection).
Tried suggestion by @wisbucky but needed browser restart to bypass "Secure Connection Failed" error.
Steps followed were -
Open Firefox's config by typing following in address bar -
about:config
Search for security.tls.insecure_fallback_hosts and set it to
security.tls.insecure_fallback_hosts = hostname of site throwing error
For messages about a weak DH key, try toggling the following preferences (in Firefox's about:config):
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
This solved a "Secure Connection Failed" error I was seeing:
0SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
Another potential fix worth noting: In your about:config, your user profile may have some settings that have been corrupted.
One in particular that was noted here: security.tls.version.max
In particular, the discussion at the linked site points out that somehow the security.tls.version.max setting had been changed from its original value (3) to the new value of 1, and after that change, the user was not able to connect to certain sites that needed the newer Transport Layer Security.
One easy way to check if this is happening without first mucking around with your about:config is to try creating a fresh profile, by running firefox -P and then creating a new profile, and see if you can successfully visit the site.
The webmin initial self ssl key is 512 byte
Solutions: using chrome or firefox , login in webmin , in webmin configuration ->SSL Encryption->Self-Signed Certificate
create a new SSL key and certificate for your Webmin server , the RSA key select default (2048), and make sue 'Use new key immediately'
then you can using IE access Webmin
