player47 Posted August 24, 2016 Report Share Posted August 24, 2016 I read this news Kim Dotcom Warns Mega Users to Backup Their Files And also when I try to go to Mega.nz I get this: Secure Connection Failed An error occurred during a connection to mega.nz. Peer attempted old style (potentially vulnerable) handshake. Error code: SSL_ERROR_UNSAFE_NEGOTIATION The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. My browser is up to date Firefox 48.0.1 On https://www.howsmyssl.com/ I got:Your SSL client is Probably Okay. Using: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA So is it just me that Mega.nz is not working or you guys also have this problem? I really hope [MEGA] is not dead. Quote Link to comment Share on other sites More sharing options...
Beave Posted August 24, 2016 Report Share Posted August 24, 2016 Works fine for me Quote Link to comment Share on other sites More sharing options...
adog68 Posted August 24, 2016 Report Share Posted August 24, 2016 (edited) I have been downloading from it all day with no problems,. Just check it again and it's fine. I use chrome with Mega, Firefox never completes downloads right without the browser extension. -adog Edited August 24, 2016 by adog68 Quote Link to comment Share on other sites More sharing options...
player47 Posted August 25, 2016 Author Report Share Posted August 25, 2016 It turns out my security settings on Firefox is set too strict. I got [MEGA] to work by going to:(about:config) and searching for [security.ssl.require_safe_negotiation] and changing it to False. "security.ssl.require_safe_negotiation Current default value: False (I have it on True) This pref controls the behaviour during the initial negotiation between client and server. If set to true, a Mozilla client will reject all connection attempts to servers that are still using the old SSL/TLS protocol and which might be vulnerable to the attack. Setting this preference to “true” is the only way to guarantee full protection against the attack. Unfortunately, as of time of (initial) writing, this would break nearly all secure sites on the web. (Update: As of December 2010, this still applies for a majority of web sites.) Eventually, if enough sites have been upgraded to the new protocol versions, this preference will be set to “true” by default." "security.ssl.treat_unsafe_negotiation_as_broken Current default value: False (I do recommend changing this to True) This preference can be used to achieve visual feedback when connecting to a server that still utilises the old protocol version, not yet supporting the new, enhanced protocol version(s). When set to true, when connecting to such a server, Firefox will warn about “broken security” by displaying a red/broken padlock in its status bar. It should be noted that this indicator isn't of much help with regards to state of the connection used to retrieve the content. When you see the indicator, it's already “too late”, as a connection to that server has already been established and an attack may have already occurred. However, it's still helpful to have this indicator, as it raises awareness of servers that still need to be upgraded. “Evangelists” (for a better web) should ask server operators to perform a server software upgrade in order to protect users and their data. If you read this page and understand this issue, you are encouraged to switch this pref to true and help with the process to upgrade Web servers (by discovering servers using questionable versions, and asking operators to upgrade). Note: No visual warnings are yet available for other Mozilla software. However, Mozilla clients will produce warnings on the error console for sites that are potentially vulnerable. " I also recommend you guys to check these two sites: SSL/TLS Capabilities of Your Browser & How's My SSL? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.