I cannot get to Amtrak's web site...

[Jean-David Beyer]

For the last several months, I have been unable to use Amtrak's web
site. When I try to get to Amtrak's web site:

https://www.amtrak.com/home

I get the following:

Secure Connection Failed

An error occurred during a connection to www.amtrak.com. Cannot
communicate securely with peer: no common encryption algorithm(s). Error
code: SSL_ERROR_NO_CYPHER_OVERLAP

The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites


All very well, but I cannot contact the website owners to inform them
of this problem because the only effective way to do this is on their
web site.

I did find a way to e-mail them, but they do not respond; the e-mail did
not bounce, but they just ignored it.

I am running

firefox-60.1.0-6.el6.x86_64

also known as

Firefox Quantum 60.1.0esr (64-bit)

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net
^^-^^ 06:25:01 up 27 days, 6:15, 2 users, load average: 4.43, 4.46, 4.47

[Luis]

Jean-David Beyer wrote:
> For the last several months, I have been unable to use Amtrak's web
> site. When I try to get to Amtrak's web site:
>
> https://www.amtrak.com/home
>
> I get the following:
>
> Secure Connection Failed
>
> An error occurred during a connection to www.amtrak.com. Cannot
> communicate securely with peer: no common encryption algorithm(s). Error
> code: SSL_ERROR_NO_CYPHER_OVERLAP
>
> The page you are trying to view cannot be shown because the
> authenticity of the received data could not be verified.
> Please contact the website owners to inform them of this problem.
>
> Learn more…
>
> Report errors like this to help Mozilla identify and block malicious sites
>
>
> All very well, but I cannot contact the website owners to inform them
> of this problem because the only effective way to do this is on their
> web site.
>
> I did find a way to e-mail them, but they do not respond; the e-mail did
> not bounce, but they just ignored it.
>
> I am running
>
> firefox-60.1.0-6.el6.x86_64
>
> also known as
>
> Firefox Quantum 60.1.0esr (64-bit)
>

No problem here. Be patient and try again.

[Jean-David Beyer]

How much patience is required? I have been trying for months.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 08:25:01 up 27 days, 8:15, 2 users, load average: 4.39, 4.29, 4.32

[Wolf K]

The most common cause of FF glitches is add-ons or a website with too
many errors. No problems accessing the site here, so add-ons is more
likely. Try starting FF in safe Mode (no add-ons running). Then enable
one at a time until the glitch occurs.

But since "Secure Connection Failed", I speculate that the AMT is not
recognising you as legit seeker after service. (You don't mention
problems with other websites). Try deleting all Amtrak cookies. The
website will set new ones as needed.

Options - History - look for "Remove individual cookies" and click. FF
sorts the cookies by source, so highlight Amtrak and Remove. Restart FF
and try again.

No guarantees, but worth a try.

Good luck,


--
Wolf K
kirkwood40.blogspot.com
It's called an "opinion" because it's not a fact.

[Rav]

On 8/7/2018 6:34 AM, Jean-David Beyer wrote:
> For the last several months, I have been unable to use Amtrak's web
> site. When I try to get to Amtrak's web site:
>
> https://www.amtrak.com/home
>
> I get the following:
>
> Secure Connection Failed
>
> An error occurred during a connection to www.amtrak.com. Cannot
> communicate securely with peer: no common encryption algorithm(s). Error
> code: SSL_ERROR_NO_CYPHER_OVERLAP
>
> The page you are trying to view cannot be shown because the
> authenticity of the received data could not be verified.
> Please contact the website owners to inform them of this problem.
>
> Learn more…
>
> Report errors like this to help Mozilla identify and block malicious sites
>
>
> All very well, but I cannot contact the website owners to inform them
> of this problem because the only effective way to do this is on their
> web site.
>
> I did find a way to e-mail them, but they do not respond; the e-mail did
> not bounce, but they just ignored it.
>
> I am running
>
> firefox-60.1.0-6.el6.x86_64
>
> also known as
>
> Firefox Quantum 60.1.0esr (64-bit)
>

Just in case, have you tried running in safe mode (Restart with Add-ons
disabled), and have you tried with a brand-new (temporary at least)
profile? Perhaps delete any existing Amtrak cookies. Do any of those
help? The only other thing I can think of is that your TLS (Transport
Layer Security) settings are incorrect in some way, but I don't
understand them well enough to help there.

[John McGaw]

On 8/7/2018 6:34 AM, Jean-David Beyer wrote:

> For the last several months, I have been unable to use Amtrak's web
> site. When I try to get to Amtrak's web site:
>
> https://www.amtrak.com/home
>
> I get the following:
>
> Secure Connection Failed
>
> An error occurred during a connection to www.amtrak.com. Cannot
> communicate securely with peer: no common encryption algorithm(s). Error
> code: SSL_ERROR_NO_CYPHER_OVERLAP
>
> The page you are trying to view cannot be shown because the
> authenticity of the received data could not be verified.
> Please contact the website owners to inform them of this problem.
>
> Learn more…
>
> Report errors like this to help Mozilla identify and block malicious sites
>
>
> All very well, but I cannot contact the website owners to inform them
> of this problem because the only effective way to do this is on their
> web site.
>
> I did find a way to e-mail them, but they do not respond; the e-mail did
> not bounce, but they just ignored it.
>
> I am running
>
> firefox-60.1.0-6.el6.x86_64
>
> also known as
>
> Firefox Quantum 60.1.0esr (64-bit)
>

As Luis wrote, it works here but with FF 62.0b14 (64 bit). I know that
doesn't help you with your problem but it does show that the site is live
and works with FF. Have you tried accessing the site with some other
browser? If you don't have one you can install one temporarily in just a
few minutes. Are you doing anything "unusual" with your connection such as
proxy or VPN or a firewall? Are you going through a company network or your
own at home? Do you have add-ons in FF?

[WaltS48]

Are you running an anti-virus app? Try disabling it.

--
CPU: 3.2 Ghz AMD Athlon(tm) II X3 455 Processor
RAM: 8 GiB
Graphics: GeForce GT 630/PCIe/SSE2
OS: Ubuntu Linux 18.04LTS - Gnome Desktop

[David E. Ross]

On 8/7/2018 3:34 AM, Jean-David Beyer wrote:
> For the last several months, I have been unable to use Amtrak's web
> site. When I try to get to Amtrak's web site:
>
> https://www.amtrak.com/home
>
> I get the following:
>
> Secure Connection Failed
>
> An error occurred during a connection to www.amtrak.com. Cannot
> communicate securely with peer: no common encryption algorithm(s). Error
> code: SSL_ERROR_NO_CYPHER_OVERLAP
>
> The page you are trying to view cannot be shown because the
> authenticity of the received data could not be verified.
> Please contact the website owners to inform them of this problem.
>
> Learn more…
>
> Report errors like this to help Mozilla identify and block malicious sites
>
>
> All very well, but I cannot contact the website owners to inform them
> of this problem because the only effective way to do this is on their
> web site.
>
> I did find a way to e-mail them, but they do not respond; the e-mail did
> not bounce, but they just ignored it.
>
> I am running
>
> firefox-60.1.0-6.el6.x86_64
>
> also known as
>
> Firefox Quantum 60.1.0esr (64-bit)
>

Try <https://www.amtrak.com/home.html> instead of
<https://www.amtrak.com/home>.

--
David E. Ross
<http://www.rossde.com>

Too often, Twitter is a source of verbal vomit. Examples include Donald
Trump and Roseanne Barr.

[NFN Smith]

Jean-David Beyer wrote:
> For the last several months, I have been unable to use Amtrak's web
> site. When I try to get to Amtrak's web site:
>
> https://www.amtrak.com/home
>
> I get the following:
>
> Secure Connection Failed

I just noted in a separate thread that when you get odd behavior, the
problem is generally not "Firefox", but something specific to your
profile. Restarting in Safe Mode can reveal if there's problems with
configuration settings (including stuff from extensions), but I don't
think that's the case here.

For things like this, it's frequent that the problem can be cleared by
simply clearing your cache (and possibly your cookies), and forcing
Firefox to download new copies of all the content on the page, rather
than trying to use portions that are already in the cache.

One of the things that I do is to use the Profile Manager, and I keep a
separate profile, where virtually all of the settings are default (other
than setting it to discard all usage data when I close it down). If a
page is not behaving correctly, then I can restart Firefox using the
second profile. I can't remember a time that that hasn't produced
satisfactory results. Plus it's a hard confirmation that the problem is
coming from my user profile (whether configs or cache) and not a problem
that is generically Firefox.

Smith

[Jean-David Beyer]

On 08/07/2018 11:35 AM, NFN Smith wrote:
> Jean-David Beyer wrote:
>> For the last several months, I have been unable to use Amtrak's web
>> site. When I try to get to Amtrak's web site:
>>
>> https://www.amtrak.com/home
>>
>> I get the following:
>>
>> Secure Connection Failed
>
> I just noted in a separate thread that when you get odd behavior, the
> problem is generally not "Firefox", but something specific to your
> profile.  Restarting in Safe Mode can reveal if there's problems with
> configuration settings (including stuff from extensions), but I don't
> think that's the case here.

First, I cleared the cash and the Amtrak cookies. That did not help.
Then I restarted it in safe mode, and that did not help at all.
It is a drag to use safe mode: no menu bars, no nothing. But I could
enter Amtrak's URL and get the same error message as before.

I am beginning to think that Amtrak are using a new security scheme
that is not supported by my browser.

>
> For things like this, it's frequent that the problem can be cleared by
> simply clearing your cache (and possibly your cookies), and forcing
> Firefox to download new copies of all the content on the page, rather
> than trying to use portions that are already in the cache.

I have now done that, with no change in results.

>
> One of the things that I do is to use the Profile Manager, and I keep a
> separate profile, where virtually all of the settings are default (other
> than setting it to discard all usage data when I close it down).  If a
> page is not behaving correctly, then I can restart Firefox using the
> second profile. I can't remember a time that that hasn't produced
> satisfactory results.  Plus it's a hard confirmation that the problem is
> coming from my user profile (whether configs or cache) and not a problem
> that is generically Firefox.
>
> Smith
>

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 22:45:01 up 27 days, 22:35, 4 users, load average: 4.66, 4.54, 4.39

[Jean-David Beyer]

OK: I cleared the browser cache, and deleted the Amtrak cookies and that
did not help. I then rebooted Firefox into safe mode, and that did not
help either.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 22:50:01 up 27 days, 22:40, 2 users, load average: 4.18, 4.35, 4.34

[Jean-David Beyer]

No.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 22:10:01 up 27 days, 22:00, 2 users, load average: 4.60, 4.25, 4.13

[Jean-David Beyer]

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 22:30:01 up 27 days, 22:20, 2 users, load average: 4.29, 4.30, 4.28

[Jean-David Beyer]

I just tried Lynx browser. I can see the site, but it displays lousy
(Lynx is not a graphic browser) and I get to the site. Lynx complains
about bad html, but the error message does not stay on the screen
(overwritten by the page I landed on).

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 23:20:01 up 27 days, 23:10, 3 users, load average: 4.11, 4.35, 4.47

[Andy Burns]

Jean-David Beyer wrote:

> Secure Connection Failed

works here, FWIW.

> An error occurred during a connection to www.amtrak.com. Cannot
> communicate securely with peer: no common encryption algorithm(s). Error
> code: SSL_ERROR_NO_CYPHER_OVERLAP

Sounds like their webserver and your firefox can't agree what encryption
to use, have you made any changes to security.ssl* or security.tls*
settings in about:config?

[Rav]

You didn't say that you tried with a brand-new profile. If there are
any improperly set TLS (or other) settings, that would be taken care of
by a new profile. I think it's worth a try. If you don't know how,
here are the steps:

If Firefox is open, close it completely. Press Windows+R (while holding
down the Windows Start button, click R), which brings up the Run box.
Enter firefox.exe -P and click OK. You can create a new profile from
there, and later switch back to your current one if you want.

[VinnyB]

The Amtrack web site has not been working for quite some time. Just
like the trains.

[Andy Burns]

Jean-David Beyer wrote:

> I am beginning to think that Amtrak are using a new security scheme
> that is not supported by my browser.

For me it shows the browser/server have negotiated

TLS_ECHDE_RSA_WITH_CHACHA20_POLY1305_SHA256
256bit keys
TLS1.2

which should work in firefox 47 or later.

[Caver1]

On 08/08/2018 07:59 AM, VinnyB wrote:
>
> The Amtrack web site has not been working for quite some time. Just
> like the trains.
>

Works here just fine as others have also pointed out. Different ones are
now trying to help figure this out.

--
Caver1

[Mark Lloyd]

On 08/07/2018 09:43 AM, David E. Ross wrote:

[snip]

> Try <https://www.amtrak.com/home.html> instead of
> <https://www.amtrak.com/home>.

I get the same site with either link. Maybe they've just added the
necessary redirection so either works.

--
Mark Lloyd
http://notstupid.us/

"If a man would follow, today, the teachings of the Old Testament, he
would be a criminal. If he would follow strictly the teachings of the
New, he would be insane." -- Robert G. Ingersoll

[Mark Lloyd]

On 08/07/2018 10:35 AM, NFN Smith wrote:
> Jean-David Beyer wrote:

[snip]

> I just noted in a separate thread that when you get odd behavior, the
> problem is generally not "Firefox", but something specific to your
> profile.

Yes, and I added it's usually something related to security or privacy,
such as tracking protection (what it was the last time I had a problem).

[snip]

[Ant]

On 8/7/2018 8:35 AM, NFN Smith wrote:
....

> One of the things that I do is to use the Profile Manager, and I keep a
> separate profile, where virtually all of the settings are default (other
> than setting it to discard all usage data when I close it down).  If a
> page is not behaving correctly, then I can restart Firefox using the
> second profile. I can't remember a time that that hasn't produced
> satisfactory results.  Plus it's a hard confirmation that the problem is
> coming from my user profile (whether configs or cache) and not a problem
> that is generically Firefox.

Ditto. A new profile. Even a new OS account to test too on the same
computer.
--
"Ants are good citizens, they place group interests first." --Clarence Day
Note: A fixed width font (Courier, Monospace, etc.) is required to see
this signature correctly.
/\___/\ If crediting, then use Ant nickname and URL/link.
/ /\ /\ \ Axe ANT from its address if e-mailing privately.
| |o o| | http://antfarm.ma.cx / http://antfarm.home.dhs.org
\ _ /
( )

[Jean-David Beyer]

.... but I do not run Windows. I run

Red Hat Enterprise Linux Server release 6.10 (Santiago)

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 11:40:01 up 28 days, 11:30, 2 users, load average: 4.38, 4.75, 4.84

[Jean-David Beyer]

On 08/08/2018 06:04 AM, Andy Burns wrote:
> Jean-David Beyer wrote:
>
>> I am beginning to think  that Amtrak are using a new security scheme
>> that is not supported by my browser.
>
> For me it shows

What shows this?

> the browser/server have negotiated
>
> TLS_ECHDE_RSA_WITH_CHACHA20_POLY1305_SHA256
> 256bit keys
> TLS1.2
>
> which should work in firefox 47 or later.

I am running Firefox Quantum 60.1.0esr (64-bit) also known as
firefox-60.1.0-6.el6.x86_64

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 11:45:01 up 28 days, 11:35, 3 users, load average: 4.51, 4.69, 4.79

[Jean-David Beyer]

I have made no changes intentionally.

The only security.ssl* that is not default is:

security.ssl.errorReporting.automatic;true

and all the security.tls are default.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 11:55:01 up 28 days, 11:45, 3 users, load average: 4.39, 4.52, 4.66

[Jean-David Beyer]

On 08/08/2018 09:00 AM, FredW wrote:

> On Tue, 7 Aug 2018 06:34:23 -0400, Jean-David Beyer
> <jeand...@verizon.net> wrote:
>
>> For the last several months, I have been unable to use Amtrak's web
>> site. When I try to get to Amtrak's web site:
>>
>> https://www.amtrak.com/home
>

> I use Palemoon 27.9.4 with uBlock Origin 1.16.4.4
> I have no problems seeing the website
>
> I use Vivaldi 1.15.1147.64 with uBlock Origin 1.16.14
> I have no problems seeing the website
>
> I use Basilisk 2018.07.18 with uBlock Origin 1.16.14
> I have no problems seeing the website
>
>
> As a model railroader of US trains I am curious about your problems with
> the website of Amtrak.
> https://www.american-rails.com/amtrak.html
>
That link works fine, but I do not think it has anything to do with Amtrak.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 12:00:01 up 28 days, 11:50, 3 users, load average: 4.48, 4.50, 4.61

[Jean-David Beyer]

On 08/08/2018 10:59 AM, Mark Lloyd wrote:
> On 08/07/2018 09:43 AM, David E. Ross wrote:
>
> [snip]
>
>> Try <https://www.amtrak.com/home.html> instead of
>> <https://www.amtrak.com/home>.
>
> I get the same site with either link. Maybe they've just added the
> necessary redirection so either works.
>

So do I. The same bad results in any case.

I try running with HTTPSanywhere disabled and use http://www.amtrak.com
and they map it to https anyway.

[Andy Burns]

Jean-David Beyer wrote:

> Andy Burns wrote:
>
>> For me it shows
>
> What shows this?

click on the (i) for "Site Information" in the left of the URL bar, then
click the chevron > to "Show Connection Details", then click the "More
Information"

the encryption details are shown under "Technical Details"

I suspect this won't help because the details are only shown for
successful encryption :-(

e.g. when I test it with
<https://rc4-md5.badssl.com/>
I presume I see the same as you?

[Andy Burns]

Jean-David Beyer wrote:

> Andy Burns wrote:
>

>> have you made any changes to security.ssl* or security.tls*
>> settings in about:config?
>
> I have made no changes intentionally.

No proxy server involved, I assume?

Could you wireshark the TCP connection to amtrack, and see what SSL
negotiation is attempted?

[Andy Burns]

Andy Burns wrote:

> Could you wireshark the TCP connection to amtrack, and see what SSL
> negotiation is attempted?

Or maybe firefox's own logging could help?

<https://developer.mozilla.org/en-US/docs/Mozilla/Debugging/HTTP_logging>

[Rav]

Sorry about that. I don't know Linux, but I did some Googling and found
these two slightly different "how to"s for Linux (hopefully a Linux guru
will offer a hand here):

.. Open a terminal and run the firefox -profilemanager command.

.. Close the application completely and make sure that it is not running
in the background. Open the terminal and execute cd (program directory)
then execute: ./firefox -profilemanager

[Chris Ilias]

On 2018-08-07 6:34 AM, Jean-David Beyer wrote:
> For the last several months, I have been unable to use Amtrak's web
> site. When I try to get to Amtrak's web site:
>
> https://www.amtrak.com/home
>
> I get the following:
>
> Secure Connection Failed
>
> An error occurred during a connection to www.amtrak.com. Cannot
> communicate securely with peer: no common encryption algorithm(s). Error
> code: SSL_ERROR_NO_CYPHER_OVERLAP

<snip>

Because the site seems to be working for everyone else, the cause of the
problem is probably not the site, but something on your computer.

We'll need some more info about your Firefox setup. Click the menu
button, then click the Help icon [?] at the bottom of the menu, and
select Troubleshooting Information, then click [Copy text to Clipboard].
Open a reply to this post, and go to Edit-->Paste to paste the info from
your Troubleshooting Information page.

--
<http://ilias.ca/links>
Mailing list/Newsgroup moderator

[Jean-David Beyer]

On 08/08/2018 12:53 PM, Andy Burns wrote:
> Jean-David Beyer wrote:
>
>> Andy Burns wrote:
>>
>>> For me it shows
>>
>> What shows this?
>
> click on the (i) for "Site Information" in the left of the URL bar, then
> click the chevron > to "Show Connection Details", then click the "More
> Information"

It does not offer "Show Connection Details",

At that point it shows a lot of boilerplate with no useful information.
If I click on "More Information", what I get is an entire screenful of
field names that are either blank, or say "Unknown". Also four buttons,
one of which does nothing (labeled Certificates), one shows some
cookies, and one shows logins. The last one (Help) shows me the useless
Firefox page for fixing things, but none apply.

> the encryption details are shown under "Technical Details"
>
> I suspect this won't help because the details are only shown for
> successful encryption :-(
>
> e.g. when I test it with
> <https://rc4-md5.badssl.com/>
> I presume I see the same as you?
>

When I go there, I get the same crap I get with Amtrak. I do not get any
technical details. Technical Details is entirely blank

When I go to Facebook, it works, and I get technical details too.
Unfortunately I cannot select them and paste them here.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 17:05:01 up 28 days, 16:55, 2 users, load average: 4.52, 4.59, 4.58

[Jean-David Beyer]

OK: you asked for it.

Give Firefox a tune up
Try Safe Mode
Troubleshooting Information
This page contains technical information that might be useful when
you’re trying to solve a problem. If you are looking for answers to
common questions about Firefox, check out our support website.
Application Basics
Name Firefox
Version 60.1.0esr
Build ID 20180709190426
Update History
User Agent Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:60.0)
Gecko/20100101 Firefox/60.0
OS Linux 2.6.32-754.2.1.el6.x86_64
Profile Directory
/home/jeandavid8/.mozilla/firefox/e3qwcrl1.default-1425525183146
Enabled Plugins about:plugins
Build Configuration about:buildconfig
Memory Use about:memory
Performance about:performance
Registered Service Workers about:serviceworkers
Multiprocess Windows 1/1 (Enabled by default)
Web Content Processes 2/4
Stylo content = false (disabled by build), chrome = false (disabled by
build)
Enterprise Policies Inactive
Google Key Found
Mozilla Location Service Key Found
Safe Mode false
Profiles about:profiles
Firefox Features
Name Version ID
Activity Stream 2018.04.20.1103-b3b95672 activit...@mozilla.org
Application Update Service Helper 2.0 aush...@mozilla.org
Firefox Screenshots 30.1.0 scree...@mozilla.org
Follow-on Search Telemetry 0.9.6 followo...@mozilla.com
Form Autofill 1.0 formau...@mozilla.org
Photon onboarding 1.0 onboa...@mozilla.org
Pocket 1.0.5 fir...@getpocket.com
Web Compat 1.1 webc...@mozilla.org
Extensions
Name Version Enabled ID
F.B Purity - Cleans up Facebook (WX) 18.0.1.20 true
fbpElect...@fbpurity.com
Flash and Video Download 3.1.9 true {bee6eb20-01e0-ebd1-da83-080329fb9a3a}
HTML5 Video Everywhere! 0.4.8 true html5-video...@lejenome.me
HTTPS Everywhere 2018.6.21 true https-ever...@eff.org
uBlock Origin 1.16.14 true uBl...@raymondhill.net
Video DownloadHelper 7.3.5 true {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Adblock Plus 3.2 false {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
No Coin - Block miners on the web! 0.4.14 false
{5657c026-efc3-4860-b43b-16e4eaa8a9aa}
WOT Web of Trust, Website Reputation Ratings 20180622.0wot false
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
Graphics
Features
Compositing Basic
Asynchronous Pan/Zoom wheel input enabled; scrollbar drag enabled;
keyboard enabled; autoscroll enabled
WebGL 1 Driver WSI Info GLX 1.4
GLX_VENDOR(client): Mesa Project and SGI
GLX_VENDOR(server): SGI
Extensions: GLX_ARB_create_context GLX_ARB_create_context_profile
GLX_ARB_create_context_robustness GLX_ARB_fbconfig_float
GLX_ARB_framebuffer_sRGB GLX_ARB_get_proc_address GLX_ARB_multisample
GLX_EXT_import_context GLX_EXT_visual_info GLX_EXT_visual_rating
GLX_EXT_framebuffer_sRGB GLX_EXT_create_context_es2_profile
GLX_MESA_copy_sub_buffer GLX_MESA_multithread_makecurrent
GLX_MESA_query_renderer GLX_MESA_swap_control GLX_OML_swap_method
GLX_OML_sync_control GLX_SGI_make_current_read GLX_SGI_swap_control
GLX_SGI_video_sync GLX_SGIS_multisample GLX_SGIX_fbconfig
GLX_SGIX_pbuffer GLX_SGIX_visual_select_group
GLX_EXT_texture_from_pixmap GLX_INTEL_swap_event
WebGL 1 Driver Renderer X.Org -- Gallium 0.4 on AMD TURKS (DRM 2.43.0,
LLVM 3.6.2)
WebGL 1 Driver Version 3.0 Mesa 11.0.7
WebGL 1 Driver Extensions GL_ARB_multisample GL_EXT_abgr GL_EXT_bgra
GL_EXT_blend_color GL_EXT_blend_minmax GL_EXT_blend_subtract
GL_EXT_copy_texture GL_EXT_polygon_offset GL_EXT_subtexture
GL_EXT_texture_object GL_EXT_vertex_array GL_EXT_compiled_vertex_array
GL_EXT_texture GL_EXT_texture3D GL_IBM_rasterpos_clip
GL_ARB_point_parameters GL_EXT_draw_range_elements GL_EXT_packed_pixels
GL_EXT_point_parameters GL_EXT_rescale_normal
GL_EXT_separate_specular_color GL_EXT_texture_edge_clamp
GL_SGIS_generate_mipmap GL_SGIS_texture_border_clamp
GL_SGIS_texture_edge_clamp GL_SGIS_texture_lod GL_ARB_framebuffer_sRGB
GL_ARB_multitexture GL_EXT_framebuffer_sRGB GL_IBM_multimode_draw_arrays
GL_IBM_texture_mirrored_repeat GL_ARB_texture_cube_map
GL_ARB_texture_env_add GL_ARB_transpose_matrix
GL_EXT_blend_func_separate GL_EXT_fog_coord GL_EXT_multi_draw_arrays
GL_EXT_secondary_color GL_EXT_texture_env_add
GL_EXT_texture_filter_anisotropic GL_EXT_texture_lod_bias
GL_INGR_blend_func_separate GL_NV_blend_square GL_NV_light_max_exponent
GL_NV_texgen_reflection GL_NV_texture_env_combine4 GL_S3_s3tc
GL_SUN_multi_draw_arrays GL_ARB_texture_border_clamp
GL_ARB_texture_compression GL_EXT_framebuffer_object
GL_EXT_texture_compression_s3tc GL_EXT_texture_env_combine
GL_EXT_texture_env_dot3 GL_MESA_window_pos GL_NV_packed_depth_stencil
GL_NV_texture_rectangle GL_ARB_depth_texture GL_ARB_occlusion_query
GL_ARB_shadow GL_ARB_texture_env_combine GL_ARB_texture_env_crossbar
GL_ARB_texture_env_dot3 GL_ARB_texture_mirrored_repeat GL_ARB_window_pos
GL_EXT_stencil_two_side GL_EXT_texture_cube_map GL_NV_depth_clamp
GL_NV_fog_distance GL_APPLE_packed_pixels GL_APPLE_vertex_array_object
GL_ARB_draw_buffers GL_ARB_fragment_program GL_ARB_fragment_shader
GL_ARB_shader_objects GL_ARB_vertex_program GL_ARB_vertex_shader
GL_ATI_draw_buffers GL_ATI_texture_env_combine3 GL_ATI_texture_float
GL_EXT_shadow_funcs GL_EXT_stencil_wrap GL_MESA_pack_invert
GL_NV_primitive_restart GL_ARB_depth_clamp
GL_ARB_fragment_program_shadow GL_ARB_half_float_pixel
GL_ARB_occlusion_query2 GL_ARB_point_sprite GL_ARB_shading_language_100
GL_ARB_sync GL_ARB_texture_non_power_of_two GL_ARB_vertex_buffer_object
GL_ATI_blend_equation_separate GL_EXT_blend_equation_separate
GL_OES_read_format GL_ARB_color_buffer_float GL_ARB_pixel_buffer_object
GL_ARB_texture_compression_rgtc GL_ARB_texture_float
GL_ARB_texture_rectangle GL_ATI_texture_compression_3dc
GL_EXT_packed_float GL_EXT_pixel_buffer_object
GL_EXT_texture_compression_dxt1 GL_EXT_texture_compression_rgtc
GL_EXT_texture_mirror_clamp GL_EXT_texture_rectangle GL_EXT_texture_sRGB
GL_EXT_texture_shared_exponent GL_ARB_framebuffer_object
GL_EXT_framebuffer_blit GL_EXT_framebuffer_multisample
GL_EXT_packed_depth_stencil GL_ARB_vertex_array_object
GL_ATI_separate_stencil GL_ATI_texture_mirror_once GL_EXT_draw_buffers2
GL_EXT_draw_instanced GL_EXT_gpu_program_parameters GL_EXT_texture_array
GL_EXT_texture_compression_latc GL_EXT_texture_integer
GL_EXT_texture_sRGB_decode GL_EXT_timer_query GL_OES_EGL_image
GL_ARB_copy_buffer GL_ARB_depth_buffer_float GL_ARB_draw_instanced
GL_ARB_half_float_vertex GL_ARB_instanced_arrays GL_ARB_map_buffer_range
GL_ARB_texture_rg GL_ARB_texture_swizzle GL_ARB_vertex_array_bgra
GL_EXT_texture_swizzle GL_EXT_vertex_array_bgra GL_NV_conditional_render
GL_AMD_conservative_depth GL_AMD_draw_buffers_blend
GL_AMD_seamless_cubemap_per_texture GL_AMD_shader_stencil_export
GL_ARB_ES2_compatibility GL_ARB_blend_func_extended GL_ARB_debug_output
GL_ARB_draw_buffers_blend GL_ARB_draw_elements_base_vertex
GL_ARB_explicit_attrib_location GL_ARB_fragment_coord_conventions
GL_ARB_provoking_vertex GL_ARB_sample_shading GL_ARB_sampler_objects
GL_ARB_seamless_cube_map GL_ARB_shader_stencil_export
GL_ARB_shader_texture_lod GL_ARB_texture_cube_map_array
GL_ARB_texture_gather GL_ARB_texture_multisample
GL_ARB_texture_query_lod GL_ARB_texture_rgb10_a2ui
GL_ARB_uniform_buffer_object GL_ARB_vertex_type_2_10_10_10_rev
GL_EXT_provoking_vertex GL_EXT_texture_snorm GL_MESA_texture_signed_rgba
GL_NV_texture_barrier GL_ARB_get_program_binary GL_ARB_robustness
GL_ARB_separate_shader_objects GL_ARB_shader_bit_encoding
GL_ARB_texture_compression_bptc GL_ARB_timer_query
GL_ARB_transform_feedback2 GL_ARB_transform_feedback3
GL_NV_vdpau_interop GL_ANGLE_texture_compression_dxt3
GL_ANGLE_texture_compression_dxt5 GL_ARB_base_instance
GL_ARB_compressed_texture_pixel_storage GL_ARB_conservative_depth
GL_ARB_internalformat_query GL_ARB_map_buffer_alignment
GL_ARB_shading_language_420pack GL_ARB_shading_language_packing
GL_ARB_texture_storage GL_ARB_transform_feedback_instanced
GL_EXT_framebuffer_multisample_blit_scaled GL_EXT_transform_feedback
GL_AMD_shader_trinary_minmax GL_ARB_ES3_compatibility
GL_ARB_clear_buffer_object GL_ARB_explicit_uniform_location
GL_ARB_invalidate_subdata GL_ARB_program_interface_query
GL_ARB_stencil_texturing GL_ARB_texture_query_levels
GL_ARB_texture_storage_multisample GL_ARB_vertex_attrib_binding
GL_KHR_debug GL_AMD_pinned_memory GL_ARB_buffer_storage
GL_ARB_multi_bind GL_ARB_seamless_cubemap_per_texture
GL_ARB_texture_mirror_clamp_to_edge GL_ARB_texture_stencil8
GL_ARB_vertex_type_10f_11f_11f_rev GL_EXT_shader_integer_mix
GL_ARB_clip_control GL_ARB_conditional_render_inverted
GL_ARB_derivative_control GL_ARB_get_texture_sub_image
GL_ARB_pipeline_statistics_query GL_ARB_texture_barrier
GL_EXT_polygon_offset_clamp GL_KHR_context_flush_control
WebGL 1 Extensions ANGLE_instanced_arrays EXT_blend_minmax
EXT_color_buffer_half_float EXT_frag_depth EXT_sRGB
EXT_shader_texture_lod EXT_texture_filter_anisotropic
EXT_disjoint_timer_query OES_element_index_uint OES_standard_derivatives
OES_texture_float OES_texture_float_linear OES_texture_half_float
OES_texture_half_float_linear OES_vertex_array_object
WEBGL_color_buffer_float WEBGL_compressed_texture_etc
WEBGL_compressed_texture_s3tc WEBGL_compressed_texture_s3tc_srgb
WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_depth_texture
WEBGL_draw_buffers WEBGL_lose_context
WebGL 2 Driver WSI Info GLX 1.4
GLX_VENDOR(client): Mesa Project and SGI
GLX_VENDOR(server): SGI
Extensions: GLX_ARB_create_context GLX_ARB_create_context_profile
GLX_ARB_create_context_robustness GLX_ARB_fbconfig_float
GLX_ARB_framebuffer_sRGB GLX_ARB_get_proc_address GLX_ARB_multisample
GLX_EXT_import_context GLX_EXT_visual_info GLX_EXT_visual_rating
GLX_EXT_framebuffer_sRGB GLX_EXT_create_context_es2_profile
GLX_MESA_copy_sub_buffer GLX_MESA_multithread_makecurrent
GLX_MESA_query_renderer GLX_MESA_swap_control GLX_OML_swap_method
GLX_OML_sync_control GLX_SGI_make_current_read GLX_SGI_swap_control
GLX_SGI_video_sync GLX_SGIS_multisample GLX_SGIX_fbconfig
GLX_SGIX_pbuffer GLX_SGIX_visual_select_group
GLX_EXT_texture_from_pixmap GLX_INTEL_swap_event
WebGL 2 Driver Renderer X.Org -- Gallium 0.4 on AMD TURKS (DRM 2.43.0,
LLVM 3.6.2)
WebGL 2 Driver Version 3.3 (Core Profile) Mesa 11.0.7
WebGL 2 Driver Extensions GL_ARB_ES2_compatibility
GL_ARB_ES3_compatibility GL_ARB_base_instance GL_ARB_blend_func_extended
GL_ARB_buffer_storage GL_ARB_clear_buffer_object GL_ARB_clip_control
GL_ARB_compressed_texture_pixel_storage
GL_ARB_conditional_render_inverted GL_ARB_copy_buffer
GL_ARB_conservative_depth GL_ARB_debug_output GL_ARB_depth_buffer_float
GL_ARB_depth_clamp GL_ARB_derivative_control GL_ARB_direct_state_access
GL_ARB_draw_buffers GL_ARB_draw_buffers_blend
GL_ARB_draw_elements_base_vertex GL_ARB_draw_indirect
GL_ARB_draw_instanced GL_ARB_explicit_attrib_location
GL_ARB_explicit_uniform_location GL_ARB_fragment_coord_conventions
GL_ARB_fragment_layer_viewport GL_ARB_fragment_shader
GL_ARB_framebuffer_object GL_ARB_framebuffer_sRGB
GL_ARB_get_program_binary GL_ARB_get_texture_sub_image
GL_ARB_half_float_pixel GL_ARB_half_float_vertex GL_ARB_instanced_arrays
GL_ARB_internalformat_query GL_ARB_invalidate_subdata
GL_ARB_map_buffer_alignment GL_ARB_map_buffer_range GL_ARB_multi_bind
GL_ARB_multi_draw_indirect GL_ARB_occlusion_query2
GL_ARB_pipeline_statistics_query GL_ARB_pixel_buffer_object
GL_ARB_point_sprite GL_ARB_program_interface_query
GL_ARB_provoking_vertex GL_ARB_robustness GL_ARB_sample_shading
GL_ARB_sampler_objects GL_ARB_seamless_cube_map
GL_ARB_seamless_cubemap_per_texture GL_ARB_separate_shader_objects
GL_ARB_shader_bit_encoding GL_ARB_shader_objects
GL_ARB_shader_stencil_export GL_ARB_shader_subroutine
GL_ARB_shader_texture_lod GL_ARB_shading_language_packing
GL_ARB_shading_language_420pack GL_ARB_stencil_texturing GL_ARB_sync
GL_ARB_texture_barrier GL_ARB_texture_buffer_object
GL_ARB_texture_buffer_object_rgb32 GL_ARB_texture_buffer_range
GL_ARB_texture_compression_bptc GL_ARB_texture_compression_rgtc
GL_ARB_texture_cube_map_array GL_ARB_texture_float GL_ARB_texture_gather
GL_ARB_texture_mirror_clamp_to_edge GL_ARB_texture_multisample
GL_ARB_texture_non_power_of_two GL_ARB_texture_query_levels
GL_ARB_texture_query_lod GL_ARB_texture_rectangle
GL_ARB_texture_rgb10_a2ui GL_ARB_texture_rg GL_ARB_texture_stencil8
GL_ARB_texture_storage GL_ARB_texture_storage_multisample
GL_ARB_texture_swizzle GL_ARB_timer_query GL_ARB_transform_feedback2
GL_ARB_transform_feedback3 GL_ARB_transform_feedback_instanced
GL_ARB_uniform_buffer_object GL_ARB_vertex_array_bgra
GL_ARB_vertex_array_object GL_ARB_vertex_attrib_binding
GL_ARB_vertex_shader GL_ARB_vertex_type_10f_11f_11f_rev
GL_ARB_vertex_type_2_10_10_10_rev GL_ARB_viewport_array GL_EXT_abgr
GL_EXT_blend_equation_separate GL_EXT_draw_buffers2
GL_EXT_draw_instanced GL_EXT_framebuffer_blit
GL_EXT_framebuffer_multisample
GL_EXT_framebuffer_multisample_blit_scaled GL_EXT_framebuffer_sRGB
GL_EXT_packed_depth_stencil GL_EXT_packed_float
GL_EXT_pixel_buffer_object GL_EXT_polygon_offset_clamp
GL_EXT_provoking_vertex GL_EXT_shader_integer_mix GL_EXT_texture_array
GL_EXT_texture_compression_dxt1 GL_ANGLE_texture_compression_dxt3
GL_ANGLE_texture_compression_dxt5 GL_EXT_texture_compression_latc
GL_EXT_texture_compression_rgtc GL_EXT_texture_compression_s3tc
GL_EXT_texture_filter_anisotropic GL_EXT_texture_integer
GL_EXT_texture_mirror_clamp GL_EXT_texture_shared_exponent
GL_EXT_texture_snorm GL_EXT_texture_sRGB GL_EXT_texture_sRGB_decode
GL_EXT_texture_swizzle GL_EXT_timer_query GL_EXT_transform_feedback
GL_EXT_vertex_array_bgra GL_OES_EGL_image GL_OES_read_format
GL_KHR_debug GL_KHR_context_flush_control GL_AMD_conservative_depth
GL_AMD_draw_buffers_blend GL_AMD_pinned_memory
GL_AMD_seamless_cubemap_per_texture GL_AMD_shader_stencil_export
GL_AMD_shader_trinary_minmax GL_AMD_vertex_shader_layer
GL_AMD_vertex_shader_viewport_index GL_ATI_blend_equation_separate
GL_ATI_texture_compression_3dc GL_ATI_texture_float
GL_ATI_texture_mirror_once GL_IBM_multimode_draw_arrays
GL_MESA_pack_invert GL_MESA_texture_signed_rgba GL_NV_conditional_render
GL_NV_depth_clamp GL_NV_packed_depth_stencil GL_NV_texture_barrier
GL_NV_vdpau_interop GL_S3_s3tc
WebGL 2 Extensions EXT_color_buffer_float EXT_texture_filter_anisotropic
EXT_disjoint_timer_query OES_texture_float_linear
WEBGL_compressed_texture_etc WEBGL_compressed_texture_s3tc
WEBGL_compressed_texture_s3tc_srgb WEBGL_debug_renderer_info
WEBGL_debug_shaders WEBGL_lose_context
GPU #1
Active Yes
Description X.Org -- Gallium 0.4 on AMD TURKS (DRM 2.43.0, LLVM 3.6.2)
Vendor ID X.Org
Device ID Gallium 0.4 on AMD TURKS (DRM 2.43.0, LLVM 3.6.2)
Driver Version 3.0 Mesa 11.0.7
Diagnostics
AzureCanvasAccelerated 0
AzureCanvasBackend skia
AzureContentBackend skia
AzureFallbackCanvasBackend none
CairoUseXRender 0
Decision Log
HW_COMPOSITING
blocked by default: Acceleration blocked by platform
OPENGL_COMPOSITING
unavailable by default: Hardware compositing is disabled
WEBRENDER
opt-in by default: WebRender is an opt-in feature
unavailable by runtime: Build doesn't include WebRender
OMTP
disabled by default: Disabled by default
Media
Audio Backend remote
Max Channels 2
Preferred Channel Layout stereo
Preferred Sample Rate 44100
Output Devices
Name Group Vendor State Preferred Format Channels Rate Latency
Internal Audio Analog Stereo
/devices/pci0000:00/0000:00:1b.0/sound/card0 Intel Corporation Enabled
All default: S16LE, support: S16LE S16BE F32LE F32BE 2 default: 44100,
support: 1 - 192000 0 - 0
Input Devices
Name Group Vendor State Preferred Format Channels Rate Latency
Monitor of Internal Audio Analog Stereo
/devices/pci0000:00/0000:00:1b.0/sound/card0 Intel Corporation Enabled
All default: S16LE, support: S16LE S16BE F32LE F32BE 2 default: 44100,
support: 1 - 192000 0 - 0
Important Modified Preferences
Name Value accessibility.typeaheadfind.flashBar 0
browser.cache.disk.capacity 358400
browser.cache.disk.filesystem_reported 1
browser.cache.disk.hashstats_reported 1
browser.cache.disk.smart_size_cached_value 358400
browser.cache.disk.smart_size.first_run false
browser.cache.disk.smart_size.use_old_max false
browser.cache.frecency_experiment 3
browser.display.background_color #FFFFCC
browser.places.smartBookmarksVersion 8
browser.search.suggest.enabled false
browser.search.useDBForOrder true
browser.sessionstore.upgradeBackup.latestBuildID 20180709190426
browser.startup.homepage https://my.fool.com/
browser.startup.homepage_override.buildID 20180709190426
browser.startup.homepage_override.mstone 60.1.0
browser.tabs.remote.autostart.2 true
browser.urlbar.daysBeforeHidingSuggestionsPrompt 0
browser.urlbar.lastSuggestionsPromptDate 20170814
browser.urlbar.matchBuckets general:5,suggestion:Infinity
browser.urlbar.placeholderName DuckDuckGo
browser.urlbar.timesBeforeHidingSuggestionsHint 0
dom.apps.reset-permissions true
dom.forms.autocomplete.formautofill true
dom.max_chrome_script_run_time 40
dom.max_script_run_time 40
dom.mozApps.used true
extensions.lastAppVersion 60.1.0
font.default.x-western sans-serif
font.internaluseonly.changed true
font.minimum-size.x-western 12
font.name.monospace.x-western DejaVu Sans Mono
font.name.sans-serif.x-western DejaVu Sans
font.name.serif.x-western DejaVu Serif
font.size.fixed.x-western 20
font.size.variable.x-western 36
general.autoScroll true
gfx.crash-guard.glcontext.appVersion 45.8.0
gfx.crash-guard.glcontext.deviceID Gallium 0.4 on AMD TURKS (DRM 2.43.0,
LLVM 3.6.2)
gfx.crash-guard.glcontext.driverVersion 3.0 Mesa 11.0.7
gfx.crash-guard.status.glcontext 2
media.eme.enabled true
media.gmp-gmpopenh264.abi x86_64-gcc3
media.gmp-gmpopenh264.enabled true
media.gmp-gmpopenh264.lastUpdate 1530235555
media.gmp-gmpopenh264.version 1.7.1
media.gmp-manager.buildID 20180709190426
media.gmp-manager.lastCheck 1533695657
media.gmp-widevinecdm.abi x86_64-gcc3
media.gmp-widevinecdm.lastUpdate 1530214077
media.gmp-widevinecdm.version 1.4.8.1008
media.gmp.storage.version.observed 1
media.webrtc.debug.aec_log_dir /tmp
media.webrtc.debug.log_file /tmp/WebRTC.log
network.cookie.prefsMigrated true
network.dns.disablePrefetch true
network.http.speculative-parallel-limit 0
network.predictor.cleaned-up true
network.predictor.enabled false
network.prefetch-next false
places.database.lastMaintenance 1533583464
places.history.expiration.transient_current_max_pages 146216
plugin.disable_full_page_plugin_for_types
application/pdf,video/mp4,video/x-msvideo,video/x-ms-asf,video/x-ms-wm,audio/x-ms-wma,video/quicktime,video/x-ms-wmv
plugin.importedState true
plugin.soname.list
plugin.state.flash 2
plugin.state.libtotem-narrowspace-plugin 1
print.print_bgcolor false
print.print_bgimages false
print.print_colorspace default
print.print_downloadfonts false
print.print_duplex 1
print.print_evenpages true
print.print_margin_bottom 0.5
print.print_margin_left 0.5
print.print_margin_right 0.5
print.print_margin_top 0.5
print.print_oddpages true
print.print_orientation 0
print.print_page_delay 50
print.print_paper_data 0
print.print_paper_height 279.40
print.print_paper_name ppd_Letter.Duplex
print.print_paper_size_type 1
print.print_paper_size_unit 1
print.print_paper_width 215.90
print.print_plex_name default
print.print_resolution_name default
print.print_scaling 0.80
print.print_shrink_to_fit true
print.print_to_file false
print.print_unwriteable_margin_bottom 11
print.print_unwriteable_margin_left 13
print.print_unwriteable_margin_right 13
print.print_unwriteable_margin_top 24
privacy.cpd.cookies false
privacy.cpd.downloads false
privacy.cpd.history false
privacy.cpd.sessions false
privacy.sanitize.migrateFx3Prefs true
privacy.sanitize.pending []
security.disable_button.openCertManager false
security.sandbox.content.tempDirSuffix c6ccb804-cecc-4b3f-b098-5989383559ae
security.ssl.errorReporting.automatic true
services.sync.declinedEngines
services.sync.engine.addresses.available true
storage.vacuum.last.index 0
storage.vacuum.last.places.sqlite 1533733827
Important Locked Preferences
Name Value
Places Database
Integrity
JavaScript
Incremental GC true
Accessibility
Activated false
Prevent Accessibility 0
Library Versions
Expected minimum version Version in use
NSPR 4.19 Beta 4.19 Beta
NSS 3.36 3.36
NSSSMIME 3.36 3.36
NSSSSL 3.36 3.36
NSSUTIL 3.36 3.36
Experimental Features
Name ID Description Active End Date Homepage Branch
Sandbox
Seccomp-BPF (System Call Filtering) false
Seccomp Thread Synchronization false
User Namespaces false
Content Process Sandboxing false
Media Plugin Sandboxing false
Content Process Sandbox Level 4
Effective Content Process Sandbox Level 4
Rejected System Calls
# Seconds Ago PID TID Process Type Syscall Arguments
Internationalization & Localization
Application Settings
Requested Locales ["en-US"]
Available Locales
["ach","af","an","ar","as","ast","az","be","bg","bn-BD","bn-IN","br","bs","ca","cak","cs","cy","da","de","dsb","el","en-GB","en-ZA","eo","es-AR","es-CL","es-ES","es-MX","et","eu","fa","ff","fi","fr","fy-NL","ga-IE","gd","gl","gn","gu-IN","he","hi-IN","hr","hsb","hu","hy-AM","ia","id","is","it","ja","ka","kab","kk","km","kn","ko","lij","lt","lv","mai","mk","ml","mr","ms","my","nb-NO","ne-NP","nl","nn-NO","oc","or","pa-IN","pl","pt-BR","pt-PT","rm","ro","ru","si","sk","sl","son","sq","sr","sv-SE","ta","te","th","tr","uk","ur","uz","vi","xh","zh-CN","zh-TW","en-US"]
App Locales ["en-US","en-GB","en-ZA","und"]
Regional Preferences ["en-US"]
Default Locale "und"
Operating System
System Locales ["en-US"]
Regional Preferences ["en-US"]

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 17:25:01 up 28 days, 17:15, 2 users, load average: 4.87, 4.55, 4.47

[James Moe]

On 08/07/2018 07:31 PM, Jean-David Beyer wrote:

> An error occurred during a connection to www.amtrak.com. Cannot
> communicate securely with peer: no common encryption algorithm(s). Error
> code: SSL_ERROR_NO_CYPHER_OVERLAP
>

Entering SSL_ERROR_NO_CYPHER_OVERLAP into a search engine yields,
among many others:

https://www.ryananddebi.com/2014/12/10/bypassing-the-ssl_error_no_cypher_overlap-error-in-firefox-34/

http://forums.mozillazine.org/viewtopic.php?f=38&t=2301041

https://support.mozilla.org/en-US/questions/1043800

--
James Moe
jmm-list at sohnen-moe dot com
Think.

[Wolf K]

On 2018-08-08 11:45, Jean-David Beyer wrote:
> On 08/08/2018 07:45 AM, Rav wrote:

[...]

>> If Firefox is open, close it completely.  Press Windows+R (while holding
>> down the Windows Start button, click R), which brings up the Run box.
>> Enter firefox.exe -P and click OK.  You can create a new profile from
>> there, and later switch back to your current one if you want.
>
> .... but I do not run Windows. I run
>
> Red Hat Enterprise Linux Server release 6.10 (Santiago)

Ask for advice on a Linux group.


--
Wolf K
kirkwood40.blogspot.com
It's called an "opinion" because it's not a fact.

[Jean-David Beyer]

On 08/08/2018 05:34 PM, James Moe wrote:
> On 08/07/2018 07:31 PM, Jean-David Beyer wrote:
>
>> An error occurred during a connection to www.amtrak.com. Cannot
>> communicate securely with peer: no common encryption algorithm(s). Error
>> code: SSL_ERROR_NO_CYPHER_OVERLAP
>>
> Entering SSL_ERROR_NO_CYPHER_OVERLAP into a search engine yields,
> among many others:
>
> https://www.ryananddebi.com/2014/12/10/bypassing-the-ssl_error_no_cypher_overlap-error-in-firefox-34/

I looked at that. But I do not want to bypass it, I want it to work. I
do not know if Amtrak did something that prevents my Firefox from
seeing their website, or if Firefox stopped a cypher that is needed for
Amtrak's web site. Since so many claim to see the Amtrak website with
Firefox, it must be either my version of Firefox (the latest supported
by my Linux distribution, or something really obscure.
>
> http://forums.mozillazine.org/viewtopic.php?f=38&t=2301041

There are only four that are modified.

capability.policy.maonoscript.sites [snip]

security.disable_button.openCertManager;false
security.sandbox.content.tempDirSuffix;c6ccb804-cecc-4b3f-b098-5989383559ae
security.ssl.errorReporting.automatic;true
>

> https://support.mozilla.org/en-US/questions/1043800
>
security.ssl.errorReporting.automatic;true
capability.policy.maonoscript.sites [snip]

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 21:05:02 up 28 days, 20:55, 2 users, load average: 4.70, 4.83, 4.87

[J. P. Gilliver (John)]

In message
<mailman.198.153379809...@lists.mozilla.org>, Wolf K

<wol...@sympatico.ca> writes:
>On 2018-08-08 11:45, Jean-David Beyer wrote:
>> On 08/08/2018 07:45 AM, Rav wrote:
>[...]
>>> If Firefox is open, close it completely.  Press Windows+R (while holding
>>> down the Windows Start button, click R), which brings up the Run box.
>>> Enter firefox.exe -P and click OK.  You can create a new profile from
>>> there, and later switch back to your current one if you want.
>> .... but I do not run Windows. I run
>> Red Hat Enterprise Linux Server release 6.10 (Santiago)
>
>Ask for advice on a Linux group.
>
>

This is, I think, a Firefox support 'group, not a Windows-only Firefox
support 'group. Some posts from Linux users giving the Linux equivalent
of using -p have I think already been posted.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Never be led astray onto the path of virtue.

[Jean-David Beyer]

On 08/08/2018 07:45 PM, Wolf K wrote:
> On 2018-08-08 11:45, Jean-David Beyer wrote:
>> On 08/08/2018 07:45 AM, Rav wrote:
> [...]
>>> If Firefox is open, close it completely.  Press Windows+R (while holding
>>> down the Windows Start button, click R), which brings up the Run box.
>>> Enter firefox.exe -P and click OK.  You can create a new profile from
>>> there, and later switch back to your current one if you want.
>>
>> .... but I do  not run Windows. I run
>>
>> Red Hat Enterprise Linux Server release 6.10 (Santiago)
>
> Ask for advice on a Linux group.
>
>

The Linux group ant the Linuz Questions group both suggested this one.
Catch 22?

I tend to think you are right though. It really seems to me that if so
many people can see this one web site, even using current versions of
Firefox, that it must have something to do with the OS or the settings
or something.

I mean I used to (i.e., for decades) be able to access the Amtrak web
site. And then at some point, I no longer could do it. Since I by no
means access that site every day or even every week, I cannot tell if
the problem is due to an update of Firefox or an update of the web site.
And I cannot get any help from Amtrak since they use only the web for
help, and I cannot get in touch with them on the web: that is the
problem. Firefox's error message even suggests I get in touch with
Amtrak. Catch 23?

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 07:25:01 up 29 days, 7:15, 0 users, load average: 4.14, 4.08, 4.08

[Andy Burns]

Jean-David Beyer wrote:

> It really seems to me that if so
> many people can see this one web site, even using current versions of
> Firefox, that it must have something to do with the OS or the settings
> or something.

I haven't followed the full thread, but have you tried a clean profile
in firefox, or safe-mode?

[Mark Lloyd]

On 08/08/2018 11:06 AM, Jean-David Beyer wrote:

[snip]

> I try running with HTTPSanywhere disabled and use http://www.amtrak.com
> and they map it to https anyway.

I would expect a lot of sites to do that.

--
Mark Lloyd
http://notstupid.us/

"The truths of religion are never so well understood as by those who
have lost the power or reasoning." -- Voltaire, Philosophical
Dictionary, 1764

[Wolf K]

On 2018-08-09 03:29, J. P. Gilliver (John) wrote:
> In message
> <mailman.198.153379809...@lists.mozilla.org>, Wolf K
> <wol...@sympatico.ca> writes:
>> On 2018-08-08 11:45, Jean-David Beyer wrote:
>>> On 08/08/2018 07:45 AM, Rav wrote:
>> [...]
>>>> If Firefox is open, close it completely.  Press Windows+R (while
>>>> holding
>>>> down the Windows Start button, click R), which brings up the Run box.
>>>> Enter firefox.exe -P and click OK.  You can create a new profile from
>>>> there, and later switch back to your current one if you want.
>>>  .... but I do  not run Windows. I run
>>>  Red Hat Enterprise Linux Server release 6.10 (Santiago)
>>
>> Ask for advice on a Linux group.
>>
>>
> This is, I think, a Firefox support 'group, not a Windows-only Firefox
> support 'group. Some posts from Linux users giving the Linux equivalent
> of using -p have I think already been posted.

True, but there may be a few more people with relevant knowledge in the
Linux group. Since nobody else seems to have a problem getting to teh
Amtrak websitet, it's almost certainly a problem on OP's system, Either
his FF p[profile has problems, or FF and Redhat ... Server doesn't like
FF any more. Whatever the case, it can't hurt to ask on a (Red Hat)
Linux group.

Have a good day,

[Jean-David Beyer]

I cleaned out the cache, removed the Amtrak cookies, and ran in safe
mode. Nothing helped.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 13:00:01 up 29 days, 12:50, 3 users, load average: 4.25, 4.48, 4.54

[Chris Ilias]

On 2018-08-08 5:29 p.m., Jean-David Beyer wrote:
> On 08/08/2018 05:02 PM, Chris Ilias wrote:
>> On 2018-08-07 6:34 AM, Jean-David Beyer wrote:
>>> For the last several months, I have been unable to use Amtrak's web
>>> site. When I try to get to Amtrak's web site:
>>>
>>> https://www.amtrak.com/home
>>>
>>> I get the following:
>>>
>>> Secure Connection Failed
>>>
>>> An error occurred during a connection to www.amtrak.com. Cannot
>>> communicate securely with peer: no common encryption algorithm(s). Error
>>> code: SSL_ERROR_NO_CYPHER_OVERLAP
>> <snip>
>>
>> Because the site seems to be working for everyone else, the cause of the
>> problem is probably not the site, but something on your computer.
>

> OK: you asked for it.

<snip>

Thanks. :)
Are you using Firefox provided by the package manager or from Mozilla.org?
If you're using the build provided by the package manager, could you
please try the from mozilla.org.

[Jean-David Beyer]

I am using what is provided by Red Hat. I have not tried anything else.
When I try anything not supplied by Red Hat, it usually takes several
weeks to get all the library dependencies right, if I can get them at
all. So I hesitate to try this.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 21:55:01 up 29 days, 21:45, 2 users, load average: 4.51, 4.46, 4.27

[Chris Ilias]

Maybe the info in this article will help:
<https://support.mozilla.org/kb/install-firefox-linux>

[Jean-David Beyer]

I seem to have some of these, but not all.
Firefox will not run at all without the following libraries or packages

requires libstdc++ 4.6.1 or higher; have
libstdc++-4.4.7-23.el6.x86_64
libstdc++-4.4.7-23.el6.i686
Too old, but latest one for my distro.

requires X.Org 1.0 or higher (1.7 or higher is recommended); have
xorg-x11-server-Xorg-1.17.4-17.el6.x86_64
Is 17 higher than 7? it sorts lower.

requires GLib 2.22 or higher; have
glib2-2.28.8-10.el6.x86_64
glib2-2.28.8-10.el6.i686

requires Pango 1.22 or higher; have
pango-1.28.1-11.el6.x86_64
pango-1.28.1-11.el6.i686

requires GNOME 2.16 or higher; have, among others:
gnome-session-2.28.0-24.el6.x86_64

requires PulseAudio; have:
pulseaudio-0.9.21-26.el6.x86_64

requires GTK+ 3.4 or higher; have
gtk2-2.24.23-9.el6.x86_64
gtk2-2.24.23-9.el6.i686
Too old, but latest one for my distro.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 08:20:01 up 30 days, 8:10, 3 users, load average: 4.40, 4.80, 4.71

[Ant]

On 8/9/2018 10:01 AM, Jean-David Beyer wrote:
> On 08/09/2018 08:48 AM, Andy Burns wrote:
>> Jean-David Beyer wrote:
>>
>>> It really seems to me that if so
>>> many people can see this one web site, even using current versions of
>>> Firefox, that it must have something to do with the OS or the settings
>>> or something.
>>
>> I haven't followed the full thread, but have you tried a clean profile
>> in firefox, or safe-mode?
>>
> I cleaned out the cache, removed the Amtrak cookies, and ran in safe
> mode. Nothing helped.

And a brand new Firefox profile and Linux account too?
--
"After World War III, the ants will still be around." --unknown
Note: A fixed width font (Courier, Monospace, etc.) is required to see
this signature correctly.
/\___/\ If crediting, then use Ant nickname and URL/link.
/ /\ /\ \ Axe ANT from its address if e-mailing privately.
| |o o| | http://antfarm.ma.cx / http://antfarm.home.dhs.org
\ _ /
( )

[Jean-David Beyer]

On 08/11/2018 10:57 AM, Ant wrote:
> On 8/9/2018 10:01 AM, Jean-David Beyer wrote:
>> On 08/09/2018 08:48 AM, Andy Burns wrote:
>>> Jean-David Beyer wrote:
>>>
>>>> It really seems to me that if so
>>>> many people can see this one web site, even using current versions of
>>>> Firefox, that it must have something to do with the OS or the settings
>>>> or something.
>>>
>>> I haven't followed the full thread, but have you tried a clean profile
>>> in firefox, or safe-mode?
>>>
>> I cleaned out the cache, removed the Amtrak cookies, and ran in safe
>> mode. Nothing helped.
>
> And a brand new Firefox profile and Linux account too?

OK: I made a new user on my machine, logged in as that user, started
Firefox for the first time, and it fails the same way. I assume I used a
new Firefox profile (since what else would it use?).

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 07:00:01 up 32 days, 6:50, 1 user, load average: 4.45, 4.56, 4.46

[Jeff Barnett]

😉 Good Guy 😉 wrote on 8/12/2018 10:22 AM:

> On 07/08/2018 11:34, Jean-David Beyer wrote:
>> For the last several months, I have been unable to use Amtrak's web
>> site. When I try to get to Amtrak's web site:
>>
>> https://www.amtrak.com/home
>>
>> I get the following:
>>
>> Secure Connection Failed
>>
>

> Have you tried using the link without the "s" in https://?  Try this link:
>
> <http://www.amtrak.com/home>

Interesting. Both versions work here - Win 7 PRO SP1 64-bit with FF
60.0.2 64-bit.
--
Jeff Barnett

[Jean-David Beyer]

On 08/12/2018 12:22 PM, 😉 Good Guy 😉 wrote:
> On 07/08/2018 11:34, Jean-David Beyer wrote:
>> For the last several months, I have been unable to use Amtrak's web
>> site. When I try to get to Amtrak's web site:
>>
>> https://www.amtrak.com/home
>>
>> I get the following:
>>
>> Secure Connection Failed
>>
>
> Have you tried using the link without the "s" in https://?  Try this link:
>
> <http://www.amtrak.com/home>
>

Sure: I tried that first (turned off httpseverywhere) but Amtrak just
turns it right back on. It is a site where I would enter my credit card
number so I really want it on. But anyway it does not work.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 16:25:01 up 32 days, 16:15, 2 users, load average: 4.88, 5.60, 5.44

[Andy Burns]

Good Guy wrote:

> Jean-David Beyer wrote:
>
>> Secure Connection Failed
>
> Have you tried using the link without the "s" in https://?

Like so many sites nowadays,
it just redirects you from http:// to https://

[Ant]

On 8/12/2018 4:06 AM, Jean-David Beyer wrote:

>> And a brand new Firefox profile and Linux account too?
>
> OK: I made a new user on my machine, logged in as that user, started
> Firefox for the first time, and it fails the same way. I assume I used a
> new Firefox profile (since what else would it use?).

Thanks. Interesting. Even with a brand new account and Firefox profile,
the web site still has issues. I forget. Did you already tried user
agent change idea too? I wonder if the web site hates Linux. :(
--
"I discovered that if one looks a little closer at this beautiful world,
there are always red ants underneath." --David Lynch

[Andy Burns]

Ant wrote:

> I wonder if the web site hates Linux

I tried it with firefox on Linux as well as Windows, both OK for me, and
it chose the same encryption algorithm for both.

[Jean-David Beyer]

On 08/16/2018 11:46 AM, 😉 Good Guy 😉 wrote:

> On 12/08/2018 12:06, Jean-David Beyer wrote:
>> OK: I made a new user on my machine, logged in as that user, started
>> Firefox for the first time, and it fails the same way. I assume I used a
>> new Firefox profile (since what else would it use?).
>>
>

> If you can't get the website _*at all*_  meaning not even their info
> site then it is likely that it has been blocked in your hosts file. 
> Have you checked your hosts file if there is an entry for Amtrak?  It's
> worth checking that first.

No problem getting to the site. My DNS finds the correct IP address.
Furthermore, I can use a text-only web browser (LYNX) and can get to the
site that way. But it is pretty much illegible that way. And it
immediately complains there is a bad html in there.

In other words, the networking aspect (DNS, firewalls, etc.) is OK, but
Amtrak and my browser cannot seem to negotiate a compatible encryption
mode. I worked for years, so either Amtrak, or Firefox have changed
their encryption modes.

[snip]

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 14:00:01 up 1 day, 6:18, 2 users, load average: 4.20, 4.59, 4.56

[Andy Burns]

Good Guy wrote:

> If you can't get the website _*at all*_  meaning not even their info
> site then it is likely that it has been blocked in your hosts file.

Unlikely, as the browser is saying it can't agree encryption with the
server, so there is a TLS connection, just that it cannot proceed.

[Andy Burns]

Jean-David Beyer wrote:

> Amtrak and my browser cannot seem to negotiate a compatible encryption
> mode

Can your browser load this website?

<https://realtimelogic.com/blog/2014/12/ChaCha20-amp-Poly1305>

here it negotiates the same encryption as with amtrack ..

[Jean-David Beyer]

On 08/16/2018 02:34 PM, Andy Burns wrote:
> Jean-David Beyer wrote:
>
>> Amtrak and my browser cannot seem to negotiate a compatible encryption
>> mode
>
> Can your browser load this website?

Yes: no trouble at all.

>
> <https://realtimelogic.com/blog/2014/12/ChaCha20-amp-Poly1305>
>
> here it negotiates the same encryption as with amtrack ..

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 14:50:01 up 1 day, 7:08, 2 users, load average: 4.87, 4.94, 4.88

[Andy Burns]

Jean-David Beyer wrote:

> Andy Burns wrote:
>
>> Can your browser load this website?
>
> Yes: no trouble at all.
>
>> <https://realtimelogic.com/blog/2014/12/ChaCha20-amp-Poly1305>

wireshark to capture the failed negotiation then?

[Jean-David Beyer]

> wireshark to capture the failed negotiation then? <---<<<

I downloaded and installed the wireshark package, but there is no manual
page so I do not know how to use it.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 15:10:01 up 1 day, 7:28, 2 users, load average: 4.82, 4.80, 4.80

[Jean-David Beyer]

On 08/16/2018 03:06 PM, Andy Burns wrote:

I just downloaded and installed:

Aug 16 15:30 wireshark-1.8.10-25.el6.x86_64.rpm
Aug 16 15:40 libsmi-0.4.8-4.el6.x86_64.rpm
Aug 16 15:52 wireshark-gnome-1.8.10-25.el6.x86_64.rpm

I am about to print out the man page.

Gawd! It seems to be printing out War & Peace and Ulysses.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 15:55:01 up 1 day, 8:13, 4 users, load average: 4.40, 4.60, 4.61

[Jean-David Beyer]

On 08/16/2018 03:06 PM, Andy Burns wrote:

I hope attached file captured what you (we?) need.

65.202.184.183 is the address I have for Amtrak from my DNS, but that
gets forwarded to other addresses...

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 16:35:01 up 1 day, 8:53, 4 users, load average: 4.15, 4.19, 4.26

[Andy Burns]

Jean-David Beyer wrote:

> I hope attached file captured what you (we?) need.

Not quite, it has seen the correct conversation, but I was hoping for a
..pcap file which has the actual packet content (including the TLS
negotiation) not just the packet headers ...

Did you use tshark from the CLI, or the wireshark in the GUI?

I rarely use tshark, but think you can use -w amtrak.pcap instead of
redirecting stdout.

> 65.202.184.183 is the address I have for Amtrak from my DNS, but that
> gets forwarded to other addresses...

Yes, they seem to use the akamai CDN, which makes it surprising that you
don't see the same error to the many other websites that also use akamai.

[Jean-David Beyer]

On 08/16/2018 10:49 PM, 😉 Good Guy 😉 wrote:

> On 16/08/2018 19:09, Jean-David Beyer wrote:
>> Furthermore, I can use a text-only web browser (LYNX) and can get to the
>> site that way.
>

> I am sorry I haven't followed everything you have done but just answer
> one question:  Have you tried Google Chrome?  Chome is standard on
> Linux  machines so please try it.  I don't think it is a good idea to
> try Lynx because not many people here  would have heard about it let
> alone used it.  It is not likely to be standards compliant and unlikely
> to handle scripts, php or even C# for web on Windows servers (and some
> Linux servers) which all modern transactional websites needs these days.
>
> If Chrome also has the same problem then you know it is your machine
> that is defective and so the best way forward is to reformat the HD and
> start again.  Something is corrupted;  Either the security certificates
> are damaged or something else.  This thread has been going on for
> sometime so you can resolve it quickly by reformatting the HD and
> starting again.
>

I cannot use Chrome with Red Hat Enterprise Linux. It is not supported
by Red Hat, and the library dependencies would take a month to resolve,
if it is possible at all.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 06:30:02 up 1 day, 22:48, 2 users, load average: 4.43, 4.46, 4.21

[Jean-David Beyer]

On 08/17/2018 05:08 AM, Andy Burns wrote:
> Jean-David Beyer wrote:
>
>> I hope attached file captured what you (we?) need.
>
> Not quite, it has seen the correct conversation, but I was hoping for a
> ..pcap file which has the actual packet content (including the TLS
> negotiation) not just the packet headers ...

In the startup process, Use pcap-ng format was checked.

>
> Did you use tshark from the CLI, or the wireshark in the GUI?

I used the wireshark in the GUI

>
> I rarely use tshark, but think you can use -w amtrak.pcap instead of
> redirecting stdout.
>
>> 65.202.184.183 is the address I have for Amtrak from my DNS, but that
>> gets forwarded to other addresses...
>
> Yes, they seem to use the akamai CDN, which makes it surprising that you
> don't see the same error to the many other websites that also use akamai.

Yes: Amtrak is the _only_ web site that exhibits this problem. And you
are right: many many other web sites use akamai.

Attached is another capture, where I forced it to print out lots more stuff.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

[WaltS48]

On 8/17/18 6:31 AM, Jean-David Beyer wrote:
> On 08/16/2018 10:49 PM, 😉 Good Guy 😉 wrote:
>> On 16/08/2018 19:09, Jean-David Beyer wrote:
>>> Furthermore, I can use a text-only web browser (LYNX) and can get to the
>>> site that way.
>> I am sorry I haven't followed everything you have done but just answer
>> one question:  Have you tried Google Chrome?  Chome is standard on
>> Linux  machines so please try it.  I don't think it is a good idea to
>> try Lynx because not many people here  would have heard about it let
>> alone used it.  It is not likely to be standards compliant and unlikely
>> to handle scripts, php or even C# for web on Windows servers (and some
>> Linux servers) which all modern transactional websites needs these days.
>>
>> If Chrome also has the same problem then you know it is your machine
>> that is defective and so the best way forward is to reformat the HD and
>> start again.  Something is corrupted;  Either the security certificates
>> are damaged or something else.  This thread has been going on for
>> sometime so you can resolve it quickly by reformatting the HD and
>> starting again.
>>
> I cannot use Chrome with Red Hat Enterprise Linux. It is not supported
> by Red Hat, and the library dependencies would take a month to resolve,
> if it is possible at all.
>
>

Tried any LiveCDs of other Linux versions, like Ubuntu 18.04 LTS?

--
CPU: 3.2 Ghz AMD Athlon(tm) II X3 455 Processor
RAM: 8 GiB
Graphics: GeForce GT 630/PCIe/SSE2
OS: Ubuntu Linux 18.04LTS - Gnome Desktop

[Mark Lloyd]

On 08/16/2018 10:46 AM, 😉 Good Guy 😉 wrote:

[snip]

> If you can't get the website _*at all*_  meaning not even their info
> site then it is likely that it has been blocked in your hosts file.

> Have you checked your hosts file if there is an entry for Amtrak?  It's
> worth checking that first.
>

> On Windows 10 and even in Windows 7/8.1 it is at this location:
>
> <C:\Windows\System32\drivers\etc>

2000/XP as well (I don't know about Vista, but probably).

> The file is called: "hosts"  without any extensions.

[snip]

> --
> With over 950 million devices now running Windows 10, customer
> satisfaction is higher than any previous version of windows.


--
Mark Lloyd
http://notstupid.us/

"I do not believe in the immortality of the individual, and I consider
ethics to be an exclusively human concern with no superhuman authority
behind it." -- Albert Einstein

[Sjouke Burry]

On 17-8-2018 17:32, Mark Lloyd wrote:
> On 08/16/2018 10:46 AM, 😉 Good Guy 😉 wrote:
>
> [snip]
>
>> If you can't get the website _*at all*_ meaning not even their info
>> site then it is likely that it has been blocked in your hosts file.
>> Have you checked your hosts file if there is an entry for Amtrak? It's
>> worth checking that first.
>>
>> On Windows 10 and even in Windows 7/8.1 it is at this location:
>>
>> <C:\Windows\System32\drivers\etc>
>
> 2000/XP as well (I don't know about Vista, but probably).

Indeed (xp pro and xp Media Centre)

[Jean-David Beyer]

On 08/08/2018 06:04 AM, Andy Burns wrote:
> Jean-David Beyer wrote:
>

>> I am beginning to think  that Amtrak are using a new security scheme
>> that is not supported by my browser.
>
> For me it shows the browser/server have negotiated
>
> TLS_ECHDE_RSA_WITH_CHACHA20_POLY1305_SHA256
> 256bit keys
> TLS1.2
>
> which should work in firefox 47 or later.

I am running 60.1.0esr (64-bit)

TLS_ECHDE_RSA_WITH_CHACHA20_POLY1305_SHA256 does not seem to be one of
the options available.

Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

These are the nearest, and not good enough.

Session ID Length: 0
Cipher Suites Length: 22
Cipher Suites (11 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
(0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 99
Extension: server_name
Type: server_name (0x0000)
Length: 19
Server Name Indication extension
Server Name list length: 17
Server Name Type: host_name (0)
Server Name length: 14
Server Name: www.amtrak.com
Extension: renegotiation_info
Type: renegotiation_info (0xff01)
Length: 1
Renegotiation Info extension
Renegotiation info extension length: 0
Extension: elliptic_curves
Type: elliptic_curves (0x000a)
Length: 8
Elliptic Curves Length: 6
Elliptic curves (3 curves)
Elliptic curve: secp256r1 (0x0017)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: secp521r1 (0x0019)
Extension: ec_point_formats
Type: ec_point_formats (0x000b)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Extension: SessionTicket TLS
Type: SessionTicket TLS (0x0023)
Length: 0
Data (0 bytes)
Extension: Unknown 16
Type: Unknown (0x0010)
Length: 14
Data (14 bytes)
Extension: status_request
Type: status_request (0x0005)
Length: 5
Data (5 bytes)
Extension: signature_algorithms
Type: signature_algorithms (0x000d)
Length: 18
Data (18 bytes)

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 13:40:01 up 2 days, 5:58, 2 users, load average: 4.24, 4.26, 4.35

[Andy Burns]

Jean-David Beyer wrote:

> I am running 60.1.0esr (64-bit)
>
> TLS_ECHDE_RSA_WITH_CHACHA20_POLY1305_SHA256 does not seem to be one of
> the options available.

Is that confirmed by <https://www.ssllabs.com/ssltest/viewMyClient.html> ?

I am using Fedora 28 with firefox 60.1.0 non-ESR 64bit

[Jean-David Beyer]

Cipher Suites (in order of preference)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112


Protocol Support
Your user agent has good protocol support.
Your user agent supports TLS 1.2, which is recommended protocol version
at the moment.
Logjam Vulnerability
Your user agent is not vulnerable.
For more information about the Logjam attack, please go to weakdh.org.
To test manually, click here. Your user agent is not vulnerable if it
fails to connect to the site.
FREAK Vulnerability
Your user agent is not vulnerable.
For more information about the FREAK attack, please go to
www.freakattack.com.
To test manually, click here. Your user agent is not vulnerable if it
fails to connect to the site.
POODLE Vulnerability
Your user agent is not vulnerable.
For more information about the POODLE attack, please read this blog post.
Protocol Features
Protocols
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2

Protocol Details
Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets Yes
OCSP stapling Yes
Signature algorithms SHA256/ECDSA, SHA384/ECDSA, SHA512/ECDSA,
SHA256/RSA, SHA384/RSA, SHA512/RSA, SHA1/ECDSA, SHA1/RSA
Named Groups secp256r1, secp384r1, secp521r1
Next Protocol Negotiation No
Application Layer Protocol Negotiation Yes h2 http/1.1
SSL 2 handshake compatibility No

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 15:55:01 up 2 days, 8:13, 2 users, load average: 4.22, 4.30, 4.45

[Andy Burns]

Jean-David Beyer wrote:

> TLS 1.3 No

given my firefox 61 on fedora does have tls1.3 and chacha enabled, seems
like rhel's build has certain crypto features disabled ...


does your about:config have any entries for for matching "chacha" ?

[Andy Burns]

Jean-David Beyer wrote:

> Cipher Suites (in order of preference)
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
> TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
> TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
> TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112

User Agent:
Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0

Protocols:
TLS 1.3 Yes

TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No

SSL 2 No

Cipher Suites (in order of preference):
TLS_AES_128_GCM_SHA256 (0x1301) Forward Secrecy 128
TLS_CHACHA20_POLY1305_SHA256 (0x1303) Forward Secrecy 256
TLS_AES_256_GCM_SHA384 (0x1302) Forward Secrecy 256

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy
256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256

[Jean-David Beyer]

security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256;true
security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256;true

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 16:25:01 up 2 days, 8:43, 2 users, load average: 4.57, 4.57, 4.58

[Andy Burns]

Jean-David Beyer wrote:

> TLS_ECHDE_RSA_WITH_CHACHA20_POLY1305_SHA256 does not seem to be one of
> the options available.

<https://bugzilla.redhat.com/show_bug.cgi?id=1373160>

:-(

[Jean-David Beyer]

So it is hopeless. 8-(

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 16:30:01 up 2 days, 8:48, 2 users, load average: 4.27, 4.35, 4.47

[Andy Burns]

Jean-David Beyer wrote:

> On 08/17/2018 04:29 PM, Andy Burns wrote:
>> Jean-David Beyer wrote:
>>
>>> TLS_ECHDE_RSA_WITH_CHACHA20_POLY1305_SHA256 does not seem to be one of
>>> the options available.
>>
>> <https://bugzilla.redhat.com/show_bug.cgi?id=1373160>
>>
>> :-(
>
> So it is hopeless. 8-(

Actually does firefox on linux use openssl, or is encryption done by NSS?

[Jean-David Beyer]

On 08/17/2018 04:51 PM, Andy Burns wrote:
> Jean-David Beyer wrote:
>
>> On 08/17/2018 04:29 PM, Andy Burns wrote:
>>> Jean-David Beyer wrote:
>>>
>>>> TLS_ECHDE_RSA_WITH_CHACHA20_POLY1305_SHA256 does not seem to be one of
>>>> the options available.
>>>
>>> <https://bugzilla.redhat.com/show_bug.cgi?id=1373160>
>>>
>>> :-(
>>
>> So it is hopeless. 8-(
>
> Actually does firefox on linux use openssl, or is encryption done by NSS?

How would I find that out?

DellT7600:jeandavid8[/usr/lib64/firefox]$ ldd firefox
[this might not be the right file]
linux-vdso.so.1 => (0x00007ffcf4cca000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa8ad578000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fa8ad373000)
librt.so.1 => /lib64/librt.so.1 (0x00007fa8ad16b000)
libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007fa8ace65000)
libm.so.6 => /lib64/libm.so.6 (0x00007fa8acbe0000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fa8ac9ca000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa8ac636000)
/lib64/ld-linux-x86-64.so.2 (0x0000562584893000)

DellT7600:jeandavid8[/usr/lib64/firefox]$ rpm -qa | grep ssl
docbook-style-dsssl-1.79-10.el6.noarch
openssl-1.0.1e-57.el6.x86_64
openssl098e-0.9.8e-20.el6_7.1.x86_64

DellT7600:jeandavid8[/usr/lib64/firefox]$ rpm -qa | grep nss
openssh-5.3p1-123.el6_9.x86_64
nss-util-3.36.0-1.el6.x86_64
nss-pam-ldapd-0.7.5-32.el6.x86_64
openssh-server-5.3p1-123.el6_9.x86_64
nss-softokn-3.14.3-23.3.el6_8.x86_64
mod_dnssd-0.6-2.el6.x86_64
nss-softokn-freebl-3.14.3-23.3.el6_8.i686
nss-softokn-3.14.3-23.3.el6_8.i686
nss-tools-3.36.0-8.el6.x86_64
openssl-1.0.1e-57.el6.x86_64
openssh-clients-5.3p1-123.el6_9.x86_64
python-nss-0.16.0-1.el6.x86_64
nss-3.36.0-8.el6.i686
nss-3.36.0-8.el6.x86_64
nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64
openssh-askpass-5.3p1-123.el6_9.x86_64
nss-sysinit-3.36.0-8.el6.x86_64
nss-util-3.36.0-1.el6.i686
openssl098e-0.9.8e-20.el6_7.1.x86_64

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 17:40:01 up 2 days, 9:58, 3 users, load average: 4.29, 4.38, 4.43

[Ant]

On 8/17/2018 8:36 AM, 😉 Good Guy 😉 wrote:

> On 17/08/2018 15:27, WaltS48 wrote:
>>
>>>
>>
>> Tried any LiveCDs of other Linux versions, like Ubuntu 18.04 LTS?
>>
>

> That's a good point.  We need to eliminate the for sure whether the
> Operating system is corrupted and using the Live CD is one way.
>
> I think the Operating system is corrupted because everybody here can
> access that site and they don't have any problems so clearly
> Jean-David's machine is the suspect.

Did he already try another web browser beside Firefox in his Linux
system? Like Chrome, Chromium, SeaMonkey, Opera, etc.?
--
"God is a mean kid sitting on an ant-hill with a magnifying glass, and
I'm the ant." --Bruce Nolan (Bruce Almighty movie)
Note: A fixed width font (Courier, Monospace, etc.) is required to see
this signature correctly.
/\___/\ If crediting, then use Ant nickname and URL/link.
/ /\ /\ \ Axe ANT from its address if e-mailing privately.
| |o o| | http://antfarm.ma.cx / http://antfarm.home.dhs.org
\ _ /
( )

[WaltS48]

On 8/18/18 5:26 AM, Ant wrote:
> On 8/17/2018 8:36 AM, 😉 Good Guy 😉 wrote:
>> On 17/08/2018 15:27, WaltS48 wrote:
>>>
>>>>
>>>
>>> Tried any LiveCDs of other Linux versions, like Ubuntu 18.04 LTS?
>>>
>>
>> That's a good point.  We need to eliminate the for sure whether the
>> Operating system is corrupted and using the Live CD is one way.
>>
>> I think the Operating system is corrupted because everybody here can
>> access that site and they don't have any problems so clearly
>> Jean-David's machine is the suspect.
>
> Did he already try another web browser beside Firefox in his Linux
> system? Like Chrome, Chromium, SeaMonkey, Opera, etc.?

Probably and they work, but IIRC Firefox even with a test profile doesn't..

[Andy Burns]

Ant wrote:

> Did he already try another web browser beside Firefox in his Linux
> system? Like Chrome, Chromium, SeaMonkey, Opera, etc.?

Mine worked in fedora28 firefox 60.1

I haven't got a RHEL install to try it with

So I tried with a live centos 7.5 USB stick

it worked with the "out of the box" firefox 52ESR, and also works with
the updated 60.0ESR

SSLlabs shows that

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)

are available but

TLS_CHACHA20_POLY1305_SHA256 (0x1303)

isn't available

however amtrak still works fine.

Is the O/P sure there is no proxy (transparent or otherwise) between his
RHEL box and the internet?

[🐮 Cows are Nice 🐮]

On 08/07/2018 03:34 AM, Jean-David Beyer wrote:
> For the last several months, I have been unable to use Amtrak's web
> site. When I try to get to Amtrak's web site:
>
> https://www.amtrak.com/home
>
> I get the following:
>
> Secure Connection Failed
>
> An error occurred during a connection to www.amtrak.com. Cannot
> communicate securely with peer: no common encryption algorithm(s). Error
> code: SSL_ERROR_NO_CYPHER_OVERLAP
>
> The page you are trying to view cannot be shown because the
> authenticity of the received data could not be verified.
> Please contact the website owners to inform them of this problem.

I get exactly the same error when using Firefox 38.8.0 ESR

The page loads successfully when I use Firefox 52.9.0 ESR

So, I don't think that your OS is at fault.
I run Linux Mint 17.3 32-bit, it's vastly different than your RHEL, and
my differing results depend only on which browser I use. Both FF
browsers came from mozilla directly, not a repository.

[Jean-David Beyer]

On 08/18/2018 10:41 AM, Andy Burns wrote:
> Ant wrote:
>
>> Did he already try another web browser beside Firefox in his Linux
>> system? Like Chrome, Chromium, SeaMonkey, Opera, etc.?

I cannot install Chrome. Insoluble library dependency problems.

I tried Lynx (text-only) browser that is unconcerned with ssl, and I can
get the site, but get an immetiate complaint about an html error on the
site.

>
> Mine worked in fedora28 firefox 60.1
>
> I haven't got a RHEL install to try it with
>
> So I tried with a live centos 7.5 USB stick

I am running

Red Hat Enterprise Linux Server release 6.10 (Santiago)

The equivalent from CentOS would be CentOS 6.10.

Remember I could access Amtrak's website since late November 2012 using
Red Hat Enterprise Linux Server release 6.1 and all the updates since
then. Similarly, all the updates of Firefox that came through from Red
Hat since then too. Now currently running
firefox-60.1.0-6.el6.x86_64 (ESR)

>
> it worked with the "out of the box" firefox 52ESR, and also works with
> the updated 60.0ESR
>
> SSLlabs shows that
>
> TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
>
> are available but
>
> TLS_CHACHA20_POLY1305_SHA256 (0x1303)
>
> isn't available

On my system, according to wireshark network analyzer, the following are
available.

Cipher Suites (11 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
(0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

Elliptic curves (3 curves)
Elliptic curve: secp256r1 (0x0017)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: secp521r1 (0x0019)


>

> however amtrak still works fine.
>
> Is the O/P sure there is no proxy (transparent or otherwise) between his
> RHEL box and the internet?

If there is a proxy, it would be at my ISP (verizon.net).

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 14:50:01 up 3 days, 7:08, 2 users, load average: 4.06, 4.28, 4.45

[Jean-David Beyer]

Right now I have:

firefox-60.1.0-6.el6.x86_64
a.k.a. Firefox Quantum 60.1.0esr (64-bit)

I used to use Firefox with lower numbers [esr] I remember a bunch of 52s
that may have worked.

We still do not know if Amtrak switched encryption algorithms or if
Firefox did.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 15:20:01 up 3 days, 7:38, 3 users, load average: 4.61, 4.39, 4.26

[Jean-David Beyer]

On 08/18/2018 03:19 PM, Jean-David Beyer wrote:
> I am running
>
> Red Hat Enterprise Linux Server release 6.10 (Santiago)
>
> The equivalent from CentOS would be CentOS 6.10.
>
> Remember I could access Amtrak's website since late November 2012 using
> Red Hat Enterprise Linux Server release 6.1 and all the updates since
> then. Similarly, all the updates of Firefox that came through from Red
> Hat since then too. Now currently running
> firefox-60.1.0-6.el6.x86_64 (ESR)

I do not know which version of Firefox stopped working with Amtrak,
since I do not go there very often.

I can login to BNSF's web site: https://friendsofbnsf.com/node
;-)

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 15:40:01 up 3 days, 7:58, 2 users, load average: 5.48, 4.72, 4.44

[Andy Burns]

Jean-David Beyer wrote:

> The equivalent from CentOS would be CentOS 6.10.

Unfortunately CentOS 6.10 64bit live USB stick gives a kernel panic when
booting on my machine ...

[Jean-David Beyer]

Sigh!

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 16:00:01 up 3 days, 8:18, 2 users, load average: 4.09, 4.45, 4.52

[Andy Burns]

Jean-David Beyer wrote:

> Andy Burns wrote:
>
> CentOS 6.10 64bit live USB stick gives a kernel panic when
>> booting on my machine ...
>
> Sigh!

I'll see if it's any happier within a VM ...

[Andy Burns]

centos 6.10 installed happily in a VM, the firefox 52.8.0 that it
arrived with failed to load amtrak with the "no cypher overlap" error, I
updated it to 62.0.1esr and that does the same.

So given that you say it used to work on RHEL, I suppose amtrak changed
something at their end, and the RHEL firefox build is built with a few
crypto types disabled, leaving it unable to find common ground with
amtrak ...

game over I suppose if you can't install a mozilla version of firefox.

[Jean-David Beyer]

Well, I can always call Amtrak on the telephone to make reservations and
have them mail, or e-mail me the tickets..

Thanks for helping figure out what the real problem is.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
/( )\ Shrewsbury, New Jersey http://linuxcounter.net

^^-^^ 16:35:01 up 4 days, 8:53, 2 users, load average: 5.27, 4.46, 4.20