Easily Fix the ssl_error_no_cypher_overlap in Firefox

If you use Mozilla Firefox as your primary browser, you may have encountered this error. When it occurs, most links are blocked and you receive a message with the error code SSL_ERROR_NO_CYPHER_OVERLAP. This is how the browser indicates a problem with its SSL/TLS settings: Firefox and the server could not agree on a cipher suite that both support. To fix the problem, you need to check a few TLS/SSL-related parameters in Firefox.

What to do after the SSL_ERROR_NO_CYPHER_OVERLAP appears?

Close all tabs that are currently open and save your current working progress. Then open a new tab and type in the address bar about:config to get to the hidden Firefox settings menu. You will see a clever warning message from the developers – accept it. In the next window, you will see all the configuration settings.

Reset TLS settings

In the search bar above the list, type TLS. This search shows all TLS-related settings. TLS stands for Transport Layer Security, a modern cryptographic protocol developed for better communication security over a computer network. Now look for all settings shown in bold (bold means that the setting was altered). To restore a setting to its default state, right-click it and select “Reset.” For example, if the “network.http.tls-handshake-timeout” setting is shown in bold, it must be reset.

Reset SSL settings

Use the search again, but this time type SSL3 instead of TLS. Look for bold text again, which indicates that a setting has been changed. Right-click each such setting and select “Reset.” We also recommend that you block two additional settings to improve your security:

  • ssl3.dhe_rsa_aes_128_sha
  • ssl3.dhe_rsa_aes_256_sha

They are related to the vulnerability known as Logjam that appeared a few years ago.

Change TLS version

Changing the version of TLS is a smart move to avoid the error. Just don’t forget that you shouldn’t do this for each and every website. Type TLS in the search bar of the about:config menu once again. Look for the setting security.tls.version.fallback-limit and set its value to 0. Then do the same for the security.tls.version.min setting. Test whether you can now connect to the website.

Important note: changing these settings will make your browser more vulnerable. We suggest you revert the changes shortly after fixing the error. You can reset them to defaults as you did with the other settings.
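The settings that about:config shows in bold are the ones stored as user_pref lines in the profile's prefs.js file, so the checks from the three sections above can be run over that file to confirm nothing was left weakened. The script below is an added example, not part of the original article; the function names, verdict labels and sample lines are constructed for illustration.

```python
import re

# One line of a profile's prefs.js looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Version prefs the article lowers to 0 as a temporary workaround.
VERSION_PREFS = {"security.tls.version.min", "security.tls.version.fallback-limit"}
# DHE suites the article recommends blocking (Logjam); matched by suffix.
DHE_SUFFIXES = ("ssl3.dhe_rsa_aes_128_sha", "ssl3.dhe_rsa_aes_256_sha")


def parse_value(raw):
    """Convert a prefs.js literal (true/false, integer, quoted string)."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw.strip('"')


def audit_prefs(text):
    """Return {pref_name: (value, verdict)} for user-set TLS/SSL3 prefs."""
    findings = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not user_pref
        name, value = m.group(1), parse_value(m.group(2))
        lowered = name.lower()
        if "tls" not in lowered and "ssl3" not in lowered:
            continue  # same filter as typing TLS / SSL3 in about:config
        if name in VERSION_PREFS and type(value) is int and value == 0:
            verdict = "weakened: reset after testing"
        elif name.endswith(DHE_SUFFIXES) and value is False:
            verdict = "hardening: keep"
        else:
            verdict = "modified: reset to default"
        findings[name] = (value, verdict)
    return findings


# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("network.http.tls-handshake-timeout", 10);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.tls.version.fallback-limit", 0);
user_pref("security.tls.version.min", 0);
'''
```

Calling audit_prefs on the text of a real prefs.js (read it while Firefox is closed) lists every TLS or SSL3 override still present, including the two version settings if they were never reverted.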

Server problems

If the error occurs only on one particular website, it is a dead giveaway of server issues. Only server admins can solve the problem at this point. Usually, it happens when the website is still on an RC4-only cipher suite, while the server’s setting security.tls.unrestricted_rc4_fallback is off (set to false).