TFF doesn't open web radio page

Joachim

27 Mar, 2018 12:42 PM

Dear support team,
I use the latest version of TFF, FPR 6 (SPR 1), and for a few days I haven't been able to open my favorite web radio site, which is https://furry.fm/de-de/. When I try to open it, I don't get an error or other message, TFF simply doesn't do it. Other pages work fine.
This radio site has been working for years with every version of TFF. I know the site owner, he assured me he didn't make any changes. Even my old Safari browser can open it, but this is worthless for me, because the radio and chat function don't work there.
What can I do? Thanks in advance for help.
Joachim

  1. Support Staff 1 Posted by Chris (chtrusch... on 27 Mar, 2018 06:48 PM

    Confirmed, works in TFF up to v31, doesn't load anything in 38 and later. Regression window is exactly between 31.7.0 and 38.0.1b1.

  2. Support Staff 2 Posted by Cameron Kaiser on 27 Mar, 2018 11:57 PM

    I won't be at my Mac for a week or two. Does this display any error messages in either the browser console, or in Console.app?

  3. Support Staff 3 Posted by Chris (chtrusch... on 28 Mar, 2018 04:35 AM

    Browser console: No error. It displays
    GET https://furry.fm/ [120ms] then nothing. Page source at this point for the browser is simply about:blank.

    Console.app: Nothing.

    Single elements from the website such as
    https://furry.fm/images/furryfmlive_small.png
    don't do anything, either. TFF simply doesn't connect.

  4. Support Staff 4 Posted by Chris (chtrusch... on 28 Mar, 2018 01:46 PM

    Works fine in Firefox 52 ESR Win7.

  5. 5 Posted by Joachim on 28 Mar, 2018 02:13 PM

    Thank you for your answers. So would you recommend using one of these old versions, e.g. TFF 37? (BTW, where can I get these?)
    Being a 10.4.11 user, TFF is my only way to connect to the modern internet. :)

  6. Support Staff 6 Posted by Chris (chtrusch... on 28 Mar, 2018 04:35 PM

    Joachim, we don't recommend using older versions. We're still in the process of determining what's wrong and how to fix it. This may take a while.

    In the meantime, here's the direct streaming link, open with QuickTime player or VLC (or drop the downloaded m3u file onto VLC):
    https://samcloud.spacial.com/api/listen?sid=85768&rid=156094&f=aac,any&br=128000,any&m=m3u

  7. 7 Posted by Joachim on 28 Mar, 2018 05:26 PM

    Thank you very much Chris! I'll be patient :)

  8. Support Staff 8 Posted by Chris (chtrusch... on 29 Mar, 2018 07:27 PM

    Still don't understand what's going on. If I ping furry.fm it answers. Traceroute goes down to 85.25.210.172. Furmania.org, hosted at the same server/IP, works. Furry.fm works fine in Safari 5 with latest LWK, but totally ignores our GET request. Changing our useragent doesn't do anything, so it's either a block on the server side (website or Plesk hosting) or something technical we've been lacking since TFF 38.

    Joachim, can you confirm the website worked until recently in TFF 38 and later? Or did you update from TFF 31 a few days ago?

  9. Support Staff 9 Posted by Chris (chtrusch... on 29 Mar, 2018 07:42 PM

    OK, if I set network.http.spdy.enforce-tls-profile to false it works. I.e. the server at furry.fm is misconfigured. It tries to use AES-CBC-SHA encryption with HTTP/2, which is not permitted. Not our fault, except we're maybe a bit strict in this regard, but I guess that's generally a good thing.

  10. 10 Posted by Joachim on 30 Mar, 2018 09:36 AM

    Chris, the website has worked fine since March 2016, when I found it for the first time.
    I always used the latest version of TFF, and it worked with every version for almost 2 years. The last time I opened the site successfully was about the end of February 2018.

  11. Support Staff 11 Posted by Chris (chtrusch... on 30 Mar, 2018 10:15 AM

    Joachim, thanks for the info. This is what you can do:

    a) Ideally you should talk to the site owner and ask them to configure their server correctly for HTTP/2. If they can't/won't/don't understand:
    b) type about:config in the URL bar of the browser, search for
    network.http.spdy.enforce-tls-profile
    and double-click it to set it to false. This way you'll make TenFourFox a little bit less secure but more compatible with furry.fm.

  12. Support Staff 12 Posted by Chris (chtrusch... on 30 Mar, 2018 10:20 AM

    Cameron, what's to do? To disable HTTP2 and force the server to use HTTP 1.1 or the old spdy implementation (like TFF 31, that's why furry.fm still works in that version) doesn't seem like a good idea. To disable all old AES-CBC-SHAs would force servers to use more recent encryption methods, which works with furry.fm but would probably break other sites. Defaulting to network.http.spdy.enforce-tls-profile=false would allow servers to smuggle in old encryption with HTTP2. There's really no good solution to this.

  13. Support Staff 13 Posted by Cameron Kaiser on 30 Mar, 2018 10:55 AM

    Chris, what exact cipher does it negotiate (Command-I, security tab)? On this Firefox on an Intel MacBook, it negotiates ECDHE-RSA-AES256-GCM-SHA384. That matches the cipher list the server appears to export, and is not a TenFourFox supported cipher. However, the server should also support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, and TenFourFox does support that. Is there a change in the cipher it negotiates between FPR7b1 (which has an additional CBC-SHA cipher to get Amtrak working) and FPR6? The best solution might be issue 480: https://github.com/classilla/tenfourfox/issues/480

  14. Support Staff 14 Posted by Cameron Kaiser on 30 Mar, 2018 11:00 AM

    (For reference, here is the SSLLabs analysis: https://www.ssllabs.com/ssltest/analyze.html?d=furry.fm )

  15. Support Staff 15 Posted by Chris (chtrusch... on 30 Mar, 2018 12:17 PM

    Provided network.http.spdy.enforce-tls-profile is set to false:
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is negotiated for both FPR6.1 and FPR 7b1.

  16. 16 Posted by Joachim on 30 Mar, 2018 04:39 PM

    Chris, thank you very much! This works fine. For the moment, I will change this setting when I want to visit this site, and afterwards I will activate it again. This is not big business.
    Thanks a lot to the support team, you help to keep our good old PPC Macs alive!

  17. Support Staff 17 Posted by Cameron Kaiser on 10 Apr, 2018 09:17 PM

    Confirmed that adding support for ECDHE-RSA-AES256-GCM-SHA384 fixes the reported site as per issue 480, so this will be part of FPR7 beta 2.
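
The failure and the fix discussed in this thread, modelled as an added example (not part of the original discussion and not TenFourFox code): server-preference cipher selection followed by the HTTP/2 TLS profile check from RFC 7540 section 9.2.2. The server preference order and the client offer lists are constructed for illustration; the thread only states which suites were negotiated.

```python
import re

# RFC 7540 section 9.2.2 / Appendix A: over TLS 1.2, HTTP/2 requires an
# ephemeral key exchange and an AEAD cipher. CBC, stream and null ciphers and
# static RSA/DH key exchange are on the blacklist. (TLS 1.2 IANA names only.)
EPHEMERAL = re.compile(r"^TLS_(ECDHE|DHE)_")
AEAD = re.compile(r"_(GCM|CCM|CHACHA20_POLY1305)(_|$)")


def h2_profile_ok(suite):
    """True if a TLS 1.2 suite name satisfies the HTTP/2 TLS profile."""
    return bool(EPHEMERAL.search(suite) and AEAD.search(suite))


def negotiate(server_pref, client_offer):
    """Server-preference selection: first server suite the client also offers."""
    offered = set(client_offer)
    return next((s for s in server_pref if s in offered), None)


def connect(server_pref, client_offer, enforce_tls_profile=True):
    """Return (suite, outcome) for a connection on which ALPN selected h2."""
    suite = negotiate(server_pref, client_offer)
    if suite is None:
        return None, "handshake_failure"
    if enforce_tls_profile and not h2_profile_ok(suite):
        # The RFC lets an endpoint treat this as INADEQUATE_SECURITY.
        return suite, "refused"
    return suite, "ok"


# Constructed server order: a CBC suite is ranked above the 128-bit GCM suite.
SERVER_PREF = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
# Constructed client offers: before and after AES256-GCM-SHA384 support.
CLIENT_BEFORE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
]
CLIENT_AFTER = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"] + CLIENT_BEFORE

if __name__ == "__main__":
    print(connect(SERVER_PREF, CLIENT_BEFORE))         # strict profile
    print(connect(SERVER_PREF, CLIENT_BEFORE, False))  # profile check disabled
    print(connect(SERVER_PREF, CLIENT_AFTER))          # client gains AES256-GCM
```

With the strict profile the CBC suite is selected and the HTTP/2 session is refused; once the client offers the server's first-choice AEAD suite, the strict check passes without relaxing the preference.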

  18. Support Staff 18 Posted by Cameron Kaiser on 14 Apr, 2018 10:55 PM
