When browsing websites using Firefox, if you find most of the web links blocked, and you receive an error code SSL ERROR NO CYPHER OVERLAP, then there is a problem with one of the SSL / TLS settings in the browser. You need to check on few settings around TLS/ SSL to fix this error in Firefox.
Close all the tabs you are working on, and save all your work. Next, open a new TAB, and type about: config to open settings of Firefox. If you get a warning, accept it. The next screen will display all the configuration settings.
Reset TLS Settings
1] In the search box above the list, type TLS. This will reveal all the settings which have TLS configuration. TLS stands for Transport layer socket.
2] Search for any settings which have a value appearing in BOLD. If yes, it means that the setting has been changed. To restore it back to default settings, right click on it, and choose Reset.
Reset SSL Settings
1] Repeat the search in about: config with SSL3. Look for configuration which has been modified i.e. they will appear in bold.
2] Right click on those settings, and then reset it. You can also double-click to restore to default settings. However, the two settings needed to be blocked to improve security. Set them to false.
Interesting fact: These two are related to the popular Logjam vulnerability which appeared three years ago.
Change TLS Version Fallback
Changing TLS version to bypass is a great option, but stay warned that you should do not do it for every website.
- In the about: config section of Firefox, search for security.tls.version.fallback-limit.
- Change the value to 0.
- Repeat this for security.tls.version.min and set value to 0.
- Check if you can access the website.
Warning: Changing these values will make your browser less secure. So do it if it is very necessary. Make sure to reset it later.
Server Side Problem
If this is happening with one particular website only, its a server side issue. Only, the server admin can resolve the issue. This mostly happens when a website is still using RC4-Only Cipher Suite, and the settings in the server ‘security.tls.unrestricted_rc4_fallback’ preference is toggled to false.
We have noticed this error reported at times, for various websites including Cloudfare, Sonicwall, Tomcat, IMGUR, Amazon and so on.