SSL error no cypher overlap

[nakedfrog]

Yeah, it just popped up again, and it is indeed the same error:

forums.anandtech.com uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe.
Advanced info: SSL_ERROR_NO_CYPHER_OVERLAP

 

[master_shake_]

just got this error.

it's only when you have google as a start page but not the https://www.google.ca or com.

when it adds the ssl itself.

 

[Titillating]

We've made very little headway on this issue. We're unable to reproduce it on our end in any way, and our network admin can't find any issues in our DNS setup.

He's requested that anybody encountering this issue run the following command:

(linux) dig +trace +additional forums.anandtech.com
(windows) nslookup -query=any anandtech.com

If you could please do that and PM me your results (a screenshot will do if you can't get the text), I'll forward them along and see what he can make of them.

 

[Ken g6]

Yay! I'm not alone anymore!

I'll try to remember to do that test in a few hours.

 

[nakedfrog]

Given that it's intermittent for me, I'll run those next time I hit the error and see if it's any different than when I don't.

 

[Titillating]

Much appreciated, guys. We'd really like to resolve this problem and any leads you guys can provide will help. Many thanks, particularly to @Ken g6, for all your patience on this!

 

[nakedfrog]

I didn't see any difference, but I sent nslookup results from two PCs on two different networks.

 

[Pantoot]

nslookup output sent.
hope you guys see something in it, let me know if you think of anything else you would care to see.

 

[master_shake_]

i had looked at the advanced part of the error and the ssl certificate was not for anandtech.

come to think of it the only time i had that issue was at work.

different isp... i wonder if they are trying to inject ads?

 

[ViRGE]

i had looked at the advanced part of the error and the ssl certificate was not for anandtech.

come to think of it the only time i had that issue was at work.

different isp... i wonder if they are trying to inject ads?

The new forums look to be using a CDN. Maybe you're getting the cert for Edgecast instead of the AnandTech cert?

 

[Ken g6]

New i had looked at the advanced part of the error and the ssl certificate was not for anandtech.

That's not the issue I'm having. The error message I get doesn't have an "Advanced" button to click. I've already complained to Mozilla about the lack of such a button in Firefox.

 

[master_shake_]

That's not the issue I'm having. The error message I get doesn't have an "Advanced" button to click. I've already complained to Mozilla about the lack of such a button in Firefox.

that's odd i was using firefox.

 

[master_shake_]

The new forums look to be using a CDN. Maybe you're getting the cert for Edgecast instead of the AnandTech cert?

definitely wasn't for that.

 

[Red Squirrel]

I got it a few times too, it looks like the cert is for some akamai sites or something? Did AT get hacked?

 

[Ken g6]

I got it a few times too, it looks like the cert is for some akamai sites or something? Did AT get hacked?

That's a different error. My error seems to have gone away since the slowness issue was fixed on Thursday.

 

[Titillating]

For anybody else who has run into the SSL error, can you confirm for me whether it's still a problem or not? Appears to have been resolved for Ken g6.

 

[nakedfrog]

I'll keep an eye out, it had been relatively frequent for me.

 

[KillerBee]

For anybody else who has run into the SSL error, can you confirm for me whether it's still a problem or not? Appears to have been resolved for Ken g6.

It's hard to say if it's fixed since it was so intermittent - only saw it happen once myself.
Can you say what changes were made on your end?

 

[Titillating]

It's hard to say if it's fixed since it was so intermittent - only saw it happen once myself.
Can you say what changes were made on your end?

None to my knowledge, which is why I'm trying to get confirmation from users who have seen this error (because we haven't, at all). It's a head-scratcher.

 

[KillerBee]

None to my knowledge, which is why I'm trying to get confirmation from users who have seen this error (because we haven't, at all). It's a head-scratcher.

Thanks - will keep an eye out too

 

[master_shake_]

here's is the ssl error i get

 

[Red Squirrel]

^ Yep that's the one I got too. It's random though, like I might get it once, then hit refresh and it's gone. Though for a while it was doing it for maybe like 5-10 min (only tried for a short time).

 

[nakedfrog]

That's clearly a CDN SSL, the "no cypher" one I was getting explicitly referenced forums.anandtech.com, whereas that screenshot is for Akamai.

So for today I haven't seen recurrence of the no cypher error.

 

[KillerBee]

None to my knowledge, which is why I'm trying to get confirmation from users who have seen this error (because we haven't, at all). It's a head-scratcher.

In case you missed the other thread check out this article
Here's the same problem from that same akamai.net ( 2 and 1/2 years ago)
http://www.zdnet.com/article/akamais-https-fail-sets-a-bad-example/


ironically just started seeing this error now again
The certificate is only valid for the following names: a248.e.akamai.net, *.akamaihd.net, *.akamaihd-staging.net, *.akamaized.net, *.akamaized-staging.net

 

[Elixer]

here's is the ssl error i get

That is what I got as well, as I posted here https://forums.anandtech.com/threads/invalid-security-certs.2485080/
I haven't seen this error again though...