Description of problem: After updating Firefox, in many cases accessing a site via HTTPS results in NS_ERROR_NET_INADEQUATE_SECURITY. This includes: • mozilla.org; • duckduckgo.com; • fedoraproject.org; • google.com. (I presume that at least some of those sites are secure). Version-Release number of selected component (if applicable): 57.0.1-1.fc27 Steps to Reproduce: 1. Open Firefox. 2. Go to https://google.com. Actual results: In Polish: “Połączenie nie gwarantuje bezpieczeństwa Strona próbowała wynegocjować niewystarczający poziom zabezpieczeń. google.com używa przestarzałej i podatnej na ataki technologii bezpieczeństwa. Atakujący mógłby łatwo odszyfrować informacje, które miały być bezpieczne. Administrator strony musi naprawić serwer, zanim będzie można ją odwiedzić. Kod błędu: NS_ERROR_NET_INADEQUATE_SECURITY” Expected results: Google search site should load.
Kai, any idea here?
Does your network environment have a transparent proxy that downgrades the security of the SSL/TLS traffic?
Likely not. The solution described on https://support.mozilla.org/pl/questions/1197052 (upgrading nss) has solved the issue. I’m not closing the bug though since it suggests a problem with package dependencies.
Firefox didn't pull in the newest nss packages automatically? Martin, I recommend that you increase the nss dependency every time you rebase firefox to a newer version, we always release a new nss for each new firefox.
I see. Looks like we don't use the nss/nspr version autodetection due to often failures here and we forget to version up NSS in the FF package. Thanks for the tip. Adding to firefox-57.0.4-1.
Should be fixed now.