The Conservative Cave
The Help Desk => Computer Related Discussions & Questions => Topic started by: mrclose on October 18, 2014, 12:06:47 AM
-
Up until yesterday I have always been able to access the following site with no problem using the Opera browser. https://ws1.aholdusa.com/jgpromos/homeaccess/index.htm
Now, no matter what I do (clearing cache, reboot, manually typing the url address) it wont open?
I continue to get "Unable to complete secure transaction" .. "Check that the address is spelled correctly, or "try searching for the site."
I also get this page ...
You tried to access the address https://ws1.aholdusa.com/jgpromos/homeaccess/index.htm, which is currently unavailable. Please make sure that the web address (URL) is correctly spelled and punctuated, then try reloading the page.
Secure connection: fatal error (47)
It isn't a problem with the https url because my bank and other secure sites still work. It is an opera browser problem because all of my other browsers will open the page. (firefox, pale moon, IE, chrome) (I am using the latest opera update)
I would appreciate any suggestions as to what the problem might be.
Thank You
-
Sounds like a server-side issue. Remove the secure connection from the URL.
http://ws1.aholdusa.com/jgpromos/homeaccess/index.htm
Edit: after checking the URL, the site/server seems to be down or not working.
I'm being redirected to a login page: https://ws1.aholdusa.com/jgpromos/homeaccess/index.htm
Try another browser.
-
Sounds like a server-side issue. Remove the secure connection from the URL.
http://ws1.aholdusa.com/jgpromos/homeaccess/index.htm
Edit: after checking the URL, the site/server seems to be down or not working.
I'm being redirected to a login page: https://ws1.aholdusa.com/jgpromos/homeaccess/index.htm
Try another browser.
The server isn't down.
I can access the page with all of my other browsers.
It is my sign on page.
I can get to the site using another browser, I am just curious as to why I can no longer use opera to open the page?
-
I received this answer from a tech forum ...
Security schemes in browsers are always being tweaked by the various companies that make the browsers, sometimes a new scheme will change the way the browser functions after an update on some sites.
That appears to be the case here.
Apparently SSL 3.0 has been disabled in the latest Opera due to a big security issue, most secure sites have stopped using the SSLv3 standard because of this security issue so Opera works fine on those sites but any secure site that is still using SSLv3 will not be accessible in Opera until they update their server to abandon SSLv3.
In the meantime you will have to use a browser that retains SSLv3 compatibility for those outdated https sites.
-
I thought this was kinda of interesting so I dug in a little more.
This is the giveaway: "Secure connection: fatal error (47)"
I think what's happening is that TLSv1.2 is the latest secure protocol for Internet communications. But in order to continue to support legacy server implementations some browsers (not Opera apparently) have a process called TLS_FALLBACK_SCSV which just means that the server is attempting to convince the browser to downgrade the acceptable security to a version that is supported by the server.
It appears to me that Opera does not support TLS_FALLBACK_SCSV so it fails to set up the secure connection.
Other browsers, if they support TLS_FALLBACK_SCSV, are able to negotiate down and make the connection (although less secure).
So, and I think you already know this, in order to get to your web page you will need to use a browser that allows the older protocols.
-
I'm still nosing around on this.
I found a website that will scan the domain you're trying to get to for the vulnerability that Opera is trying to protect you against.
The vulnerability is called POODLE and the scanner reveals what security protocol the site supports.
Your site (aholdusa.com) appears to only go up to SSLv3 and Opera is refusing that so that's a fatal error resulting in "Secure connection: fatal error (47)".
Edit: If you must use Opera to get to your site go here: http://help.opera.com/Windows/12.10/en/protocols.html
-
I'm still nosing around on this.
I found a website that will scan the domain you're trying to get to for the vulnerability that Opera is trying to protect you against.
The vulnerability is called POODLE and the scanner reveals what security protocol the site supports.
Your site (aholdusa.com) appears to only go up to SSLv3 and Opera is refusing that so that's a fatal error resulting in "Secure connection: fatal error (47)".
Edit: If you must use Opera to get to your site go here: http://help.opera.com/Windows/12.10/en/protocols.html
Thank You EagleKeeper.
This was a response from one of opera's inside folks!
(Good luck in deciphering it) :lmao:
Opera 12.14 (which I've modified to block any SSL3) fails as you've described.
If I allow SSL3 transactions in 12.14, then it proceeds to the log-in page. Qupzilla 1.8.2 (which supposedly has some protection against SSL exploits, though I question how much) allows the log-in page to appear as well. Below is the response from FireFox (which has Mozilla's latest extension-patch installed to block SSL3 in it):
"Secure Connection Failed
An error occurred during a connection to ws1.aholdusa.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Errorcode: sslerrornocypheroverlap)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."
I strongly suspect this all stems from the mass of confusion now surrounding how to best deal with the evaporation of SSL3 security via the very recent "Poodle" exploit and how various websites are responding to that situation, especially if they formerly operated using SSL3.
Different browsers may deal differently with the various levels of TLS and whether/how they decrement TLS levels if the highest ones aren't successfully implemented in their communications with a site.
Likewise, the site may be coded to respond differently now to a given browser user-agent-string than it did in the recent past.
The net effect is that if the TLS-level handshaking, the necessary encryption protocols, the browser ID, and the appropriate certs don't all match up adequately, the connection fails.
My guess is that the site (or its server host) has implemented something that is suddenly interfering with certain browser configurations being able to establish an appropriate SSL link.
-
Thank You EagleKeeper.
This was a response from one of opera's inside folks!
(Good luck in deciphering it) :lmao:
Eh, it makes perfect sense and confirms something I didn't make clear.
Windows XP...There are still a lot of people that refuse to give it up and I think IE 8 is the latest version that will run on XP.
IE 8 only goes up to SSLv3, so...many Internet destinations will bend over backwards to support SSLv3 at the expense of folkes that are trying to operate at the bleeding edge (TLS1.X).
And then you have browsers (modern browsers mind you) that are bending over backwards to support websites that are bending over backwards to support XP.
So, there you have it...Opera said no...and broke your homepage.
-
So, there you have it...Opera said no...and broke your homepage.
And using the link that you posted .. I went to my security settings and fixed it!!! :rofl: :rofl: :rofl: :rofl:
-
THANK YOU :yahoo:
-
I love a happy ending.