When browsing websites using Firefox, if you find most web links blocked and you receive the error code SSL_ERROR_NO_CYPHER_OVERLAP, then there is a problem with one of the SSL/TLS settings in the browser. You need to check a few TLS/SSL settings to fix this error in Firefox.



Close all the tabs you are working on and save all your work. Next, open a new tab and type about:config to open the Firefox configuration settings. If you get a warning, accept it. The next screen will display all the configuration settings.

Reset TLS Settings

1] In the search box above the list, type TLS. This will reveal all the settings that contain TLS configuration. TLS stands for Transport Layer Security.

Change TLS Settings in Firefox

2] Look for any settings whose value appears in bold. Bold means that the setting has been changed from its default. To restore the default, right-click on it and choose Reset.

Reset Configuration in Firefox to Default Value

Reset SSL Settings

1] Repeat the search in about:config with SSL3. Look for settings that have been modified, i.e. those that appear in bold.

2] Right-click on those settings and choose Reset. You can also double-click to restore the default value. However, the following two settings need to be blocked to improve security. Set them to false.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Interesting fact: These two are related to the well-known Logjam vulnerability, which appeared three years ago.

Change TLS Version Fallback

Changing the TLS version to bypass the error is a great option, but be warned that you should not do it for every website.

  • In the about:config section of Firefox, search for security.tls.version.fallback-limit.
  • Change the value to 0.
  • Repeat this for security.tls.version.min and set the value to 0.
  • Check if you can access the website.

Warning: Changing these values will make your browser less secure. Do it only if it is really necessary, and make sure to reset the values afterwards.
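Since the warning above depends on remembering to reset the values, here is an added example (not part of the original article) that audits a Firefox profile's prefs.js for TLS/SSL3 preferences left in a modified or weakened state. It assumes the standard `user_pref("name", value);` line format of prefs.js; the function name `audit_prefs` and the sample data are constructed for illustration.

```python
import re
import sys

# Matches lines such as: user_pref("security.tls.version.min", 0);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Values this article treats as weakening the browser (taken from the page).
WEAK = {
    "security.tls.version.min": "0",
    "security.tls.version.fallback-limit": "0",
    "security.ssl3.dhe_rsa_aes_128_sha": "true",
    "security.ssl3.dhe_rsa_aes_256_sha": "true",
}

def audit_prefs(text):
    """Return (name, value, status) for every modified TLS/SSL3 preference.

    prefs.js lists preferences changed from their defaults, i.e. the
    entries that about:config shows in bold.
    """
    findings = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        name, value = m.group(1), m.group(2).strip()
        if not name.startswith(("security.tls.", "security.ssl3.")):
            continue
        status = "WEAKENED" if WEAK.get(name) == value else "modified"
        findings.append((name, value, status))
    return findings

# Constructed sample, not taken from a real profile.
SAMPLE = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.tls.version.min", 0);
user_pref("security.tls.version.fallback-limit", 0);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.tls.version.max", 3);
'''

if __name__ == "__main__":
    # Pass the path to a profile's prefs.js, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for name, value, status in audit_prefs(text):
        print(f"{status:9} {name} = {value}")
```

Entries reported as WEAKENED are the ones to reset in about:config once the troubleshooting is finished. A preference that is still at its default value does not appear in prefs.js and is therefore not reported.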

Server Side Problem

If this is happening with one particular website only, it's a server-side issue. Only the server admin can resolve the issue. This mostly happens when a website is still using an RC4-only cipher suite, and the ‘security.tls.unrestricted_rc4_fallback’ preference is toggled to false.

We have noticed this error reported at times for various websites, including Cloudflare, Sonicwall, Tomcat, IMGUR, Amazon and so on.

Ashish is a veteran Windows, and Xbox user who excels in writing tips, tricks, and features on it to improve your day to day experience with your devices.