[MEGA] might be dead?

[player47]

I read this news Kim Dotcom Warns Mega Users to Backup Their Files

And also when I try to go to Mega.nz I get this:

 

Secure Connection Failed

An error occurred during a connection to mega.nz. Peer attempted old style (potentially vulnerable) handshake. Error code: SSL_ERROR_UNSAFE_NEGOTIATION

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

 

My browser is up to date Firefox 48.0.1

On https://www.howsmyssl.com/ I got:Your SSL client is Probably Okay. Using:

• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
• TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA

 

So is it just me that Mega.nz is not working or you guys also have this problem? I really hope [MEGA] is not dead.

[Beave]

Works fine for me

 

[adog68]

I have been downloading from it all day with no problems,. Just check it again and it's fine. I use chrome with Mega, Firefox never completes downloads right without the browser extension.

-adog

Edited August 24, 2016 by adog68

[player47]

It turns out my security settings on Firefox is set too strict.

 

I got [MEGA] to work by going to:(about:config) and searching for [security.ssl.require_safe_negotiation] and changing it to False.

"security.ssl.require_safe_negotiation

Current default value: False (I have it on True)

This pref controls the behaviour during the initial negotiation between client and server.

If set to true, a Mozilla client will reject all connection attempts to servers that are still using the old SSL/TLS protocol and which might be vulnerable to the attack.

Setting this preference to “true” is the only way to guarantee full protection against the attack. Unfortunately, as of time of (initial) writing, this would break nearly all secure sites on the web. (Update: As of December 2010, this still applies for a majority of web sites.)

Eventually, if enough sites have been upgraded to the new protocol versions, this preference will be set to “true” by default."

"security.ssl.treat_unsafe_negotiation_as_broken

Current default value: False (I do recommend changing this to True)

This preference can be used to achieve visual feedback when connecting to a server that still utilises the old protocol version, not yet supporting the new, enhanced protocol version(s).

When set to true, when connecting to such a server, Firefox will warn about “broken security” by displaying a red/broken padlock in its status bar.

It should be noted that this indicator isn't of much help with regards to state of the connection used to retrieve the content. When you see the indicator, it's already “too late”, as a connection to that server has already been established and an attack may have already occurred.

However, it's still helpful to have this indicator, as it raises awareness of servers that still need to be upgraded. “Evangelists” (for a better web) should ask server operators to perform a server software upgrade in order to protect users and their data.

If you read this page and understand this issue, you are encouraged to switch this pref to true and help with the process to upgrade Web servers (by discovering servers using questionable versions, and asking operators to upgrade).

Note: No visual warnings are yet available for other Mozilla software. However, Mozilla clients will produce warnings on the error console for sites that are potentially vulnerable. "

 

I also recommend you guys to check these two sites: SSL/TLS Capabilities of Your Browser & How's My SSL?