+fbax Posted June 23, 2016

Starting this morning; I get the following error when accessing geocaching.com

An error occurred during a connection to www.geocaching.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

stebu Posted June 23, 2016

> Starting this morning; I get the following error when accessing geocaching.com
>
> An error occurred during a connection to www.geocaching.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

They seem to have moved from TLS 1.0 to a newer version (TLS 1.1 or 1.2). Older Android devices can't cope with this. My 4.1 doesn't work.

+Pontiac_CZ Posted June 23, 2016

I use Firefox and ran into this ssl_error_no_cypher_overlap this morning. Resetting SSL and TLS settings in about:config helped me.

+fbax (Author) Posted June 23, 2016

> Starting this morning; I get the following error when accessing geocaching.com
>
> An error occurred during a connection to www.geocaching.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

This issue simply "went away" after a few hours without any changes. Now this message appears when trying to access the forum website.

+The A-Team Posted June 23, 2016

> This issue simply "went away" after a few hours without any changes.

Just as quietly as Groundspeak turned off TLS 1.0, they've turned it back on. I bet one of these two scenarios occurred:

1. They intentionally turned off TLS 1.0, but neglected to consider the impact this would have on the users and failed to notify users either before or after the change. They now realize how much of an impact this has, and have rolled back.
2. They intended to make the change at some point in the future, but the change was mistakenly made before communication was ready. The mistake was caught and rolled back.

I'd like to think this was simply an unintentional mistake, but I fear it may have actually been closer to scenario 1. based on past experience.

@Groundspeak, here's a good reference for how much of an impact this would have.

While you're changing this, you might want to consider doing some other "hardening" at the same time. SSL Labs gives you a "B" rating, but it probably wouldn't take much effort to get that up to an "A" with sorting of cipher suites and updating SSL certs. We recently did this on a number of servers at my company and there's a tool which makes this process very easy.

stebu Posted June 23, 2016

> Just as quietly as Groundspeak turned off TLS 1.0, they've turned it back on. I bet one of these two scenarios occurred:
>
> 1. They intentionally turned off TLS 1.0, but neglected to consider the impact this would have on the users and failed to notify users either before or after the change. They now realize how much of an impact this has, and have rolled back.
> 2. They intended to make the change at some point in the future, but the change was mistakenly made before communication was ready. The mistake was caught and rolled back.
>
> I'd like to think this was simply an unintentional mistake, but I fear it may have actually been closer to scenario 1. based on past experience.
>
> @Groundspeak, here's a good reference for how much of an impact this would have.
>
> While you're changing this, you might want to consider doing some other "hardening" at the same time. SSL Labs gives you a "B" rating, but it probably wouldn't take much effort to get that up to an "A" with sorting of cipher suites and updating SSL certs. We recently did this on a number of servers at my company and there's a tool which makes this process very easy.

Words of wisdom!

+niraD Posted June 23, 2016

"Good judgment comes from experience, and a lot of that comes from bad judgment." - Will Rogers

+Lineflyer Posted June 24, 2016

Groundspeak should also consider that millions of older mobile devices out there do not support anything higher than TLS 1.0 (e.g. Android devices below version 5.0).

You can easily see this in the chapter "Handshake simulation" on https://www.ssllabs.com/ssltest/analyze.html?d=www.geocaching.com

I wasn't able to access the website anymore yesterday with my Android tablet running 4.x.

+SammysHP Posted June 24, 2016

> While you're changing this, you might want to consider doing some other "hardening" at the same time. SSL Labs gives you a "B" rating, but it probably wouldn't take much effort to get that up to an "A" with sorting of cipher suites and updating SSL certs. We recently did this on a number of servers at my company and there's a tool which makes this process very easy.

In fact they had an A rating with the new configuration (and with a better signature algorithm for one certificate in the chain they would have had an A+ rating).

It's sad that there is no official statement from Groundspeak.

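Added example (not part of any post in this thread, and not Groundspeak's configuration): a simplified model of TLS version and cipher-suite selection, showing why a TLS 1.0-only client is cut off when the server's minimum version rises and how the server's suite ordering changes what gets picked. The `negotiate` helper and all endpoint profiles are constructed for illustration.

```python
from dataclasses import dataclass

# Wire versions as comparable tuples: TLS 1.0 is 3.1, TLS 1.2 is 3.3.
TLS10, TLS11, TLS12 = (3, 1), (3, 2), (3, 3)

# Lowest protocol version that can carry each suite: the GCM/SHA-256 suite
# exists only from TLS 1.2 on, the CBC-SHA suites work from TLS 1.0.
SUITE_MIN = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": TLS12,
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": TLS10,
    "TLS_RSA_WITH_AES_128_CBC_SHA": TLS10,
}
GCM, ECDHE_CBC, RSA_CBC = SUITE_MIN  # short aliases, in the order above

@dataclass
class Endpoint:
    min_version: tuple
    max_version: tuple
    suites: list  # in this endpoint's preference order

def negotiate(client, server, server_preference=True):
    """Return (status, version, suite) for a simplified TLS <= 1.2 handshake."""
    version = min(client.max_version, server.max_version)
    if version < client.min_version or version < server.min_version:
        return ("protocol_version", None, None)      # no shared version
    ordered, other = ((server.suites, client.suites) if server_preference
                      else (client.suites, server.suites))
    for suite in ordered:
        if suite in other and SUITE_MIN[suite] <= version:
            return ("ok", version, suite)
    return ("handshake_failure", version, None)      # no cipher overlap

# Constructed profiles, not measurements of any real device or server.
OLD_CLIENT = Endpoint(TLS10, TLS10, [RSA_CBC, ECDHE_CBC])
MODERN_CLIENT = Endpoint(TLS10, TLS12, [GCM, ECDHE_CBC, RSA_CBC])
SERVER_TLS10_ON = Endpoint(TLS10, TLS12, [GCM, ECDHE_CBC, RSA_CBC])
SERVER_TLS10_OFF = Endpoint(TLS11, TLS12, [GCM, ECDHE_CBC, RSA_CBC])
SERVER_GCM_ONLY = Endpoint(TLS10, TLS12, [GCM])

if __name__ == "__main__":
    for name, srv in [("TLS 1.0 on", SERVER_TLS10_ON),
                      ("TLS 1.0 off", SERVER_TLS10_OFF),
                      ("GCM only", SERVER_GCM_ONLY)]:
        print(name, negotiate(OLD_CLIENT, srv), negotiate(MODERN_CLIENT, srv))
```

The GCM-only profile shows that a server can leave TLS 1.0 nominally enabled and still lock out old clients through its suite list alone.
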