Home → Problems →

TFF doesn't open web radio page

• Edit

Joachim

27 Mar, 2018 12:42 PM

Dear support team,
I use the latest version of TFF, FPR 6 (SPR 1), and since a few days can't open my favorite web radio site anymore which is https://furry.fm/de-de/ When I try to open it, I don't get an error or other message, TFF simply doesn't do it. Other pages work fine.
This radio site has been working for years with every version of TFF. I know the site owner, he assured me he didn't made any changes. Even my old safari browser can open it, but this is worthless for me, because the radio and chat function don't work there.
What can I do? Thanks in advance for help.
Joachim

1. Support Staff 1 Posted by Chris (chtrusch... on 27 Mar, 2018 06:48 PM

   

   Confirmed, works in TFF up to v31, doesn't load anything in 38 and later. Regression window is exactly between 31.7.0 and 38.0.1b1.

   • Edit

2. Support Staff 2 Posted by Cameron Kaiser on 27 Mar, 2018 11:57 PM

   

   I won't be at my Mac for a week or two. Does this display any error messages in either the browser console, or in Console.app?

   • Edit

3. Support Staff 3 Posted by Chris (chtrusch... on 28 Mar, 2018 04:35 AM

   

   Browser console: No error. It displays
   GET https://furry.fm/ [120ms] then nothing. Page source at this point for the browser is simply about:blank.

   Console.app: Nothing.

   Single elements from the website such as
   https://furry.fm/images/furryfmlive_small.png
   don't do anything, either. TFF simply doesn't connect.

   • Edit

4. Support Staff 4 Posted by Chris (chtrusch... on 28 Mar, 2018 01:46 PM

   

   Works fine in Firefox 52 ESR Win7.

   • Edit

5. 5 Posted by Joachim on 28 Mar, 2018 02:13 PM

   

   Thank you for your answers. So would you recommend to use one of these old versions, f.ex. TFF 37? (BTW, where can I get these?).
   Being a 10.4.11 user, TFF is my only way to connect to the modern internet. :)

   • Edit

6. Support Staff 6 Posted by Chris (chtrusch... on 28 Mar, 2018 04:35 PM

   

   Joachim, we don't recommend using older versions. We're still in the process of determining what's wrong and how to fix it. This may take a while.

   In the meantime, here's the direct streaming link, open with QuickTime player or VLC (or drop the downloaded m3u file onto VLC):
   https://samcloud.spacial.com/api/listen?sid=85768&rid=156094&f=aac,any&br=128000,any&m=m3u

   • Edit

7. 7 Posted by Joachim on 28 Mar, 2018 05:26 PM

   

   Thank you very much Chris! I'll be patient :)

   • Edit

8. Support Staff 8 Posted by Chris (chtrusch... on 29 Mar, 2018 07:27 PM

   

   Still don't understand what's going on. If I ping furry.fm it answers. Traceroute goes down to 85.25.210.172. Furmania.org, hosted at the same server/IP, works. Furry.fm works fine in Safari 5 with latest LWK, but totally ignores our GET request. Changing our useragent doesn't do anything, so it's either a block on the server side (website or Plesk hosting) or something technical we've been lacking since TFF 38.

   Joachim, can you confirm the website worked until recently in TFF 38 and later? Or did you update from TFF 31 a few days ago?

   • Edit

9. Support Staff 9 Posted by Chris (chtrusch... on 29 Mar, 2018 07:42 PM

   

   OK, if I set network.http.spdy.enforce-tls-profile to false it works. I.e. the server at furry.fm is misconfigured. It tries to use AES-CBC-SHA encryption with HTTP/2, which is not permitted. Not our fault, except we're maybe a bit strict in this regard, but I guess that's generally a good thing.

   • Edit

10. 10 Posted by Joachim on 30 Mar, 2018 09:36 AM

    

    Chris, the website worked fine since March 2016 when I found it the first time.
    I always used the latest version of TFF, and it worked with every version almost 2 years. My last time I opened the site successfully was about end of february 2018.

    • Edit

11. Support Staff 11 Posted by Chris (chtrusch... on 30 Mar, 2018 10:15 AM

    

    Joachim, thanks for the info. This is what you can do:

    a) Ideally you should talk to the site owner and ask them to configure their server correctly for HTTP/2. If they can't/won't/don't understand:
    b) type about:config in the URL bar of the browser, search for
    network.http.spdy.enforce-tls-profile
    and double-click it to set it to false. This way you'll make TenFourFox a little bit less secure but more compatible with furry.fm.

    • Edit

12. Support Staff 12 Posted by Chris (chtrusch... on 30 Mar, 2018 10:20 AM

    

    Cameron, what's to do? To disable HTTP2 and force the server to use HTTP 1.1 or the old spdy implementation (like TFF 31, that's why furry.fm still works in that version) doesn't seem like a good idea. To disable all old AES-CBC-SHAs would force servers to use more recent encryption methods, which works with furry.fm but would probably break other sites. Defaulting to network.http.spdy.enforce-tls-profile=false would allow servers to smuggle in old encryption with HTTP2. There's really no good solution to this.

    • Edit

13. Support Staff 13 Posted by Cameron Kaiser on 30 Mar, 2018 10:55 AM

    

    Chris, what exact cipher does it negotiate (Command-I, security tab)? On this Firefox on an Intel MacBook, it negotiates ECDHE-RSA-AES256-GCM-SHA384. That matches the cipher list the server appears to export, and is not a TenFourFox supported cipher. However, the server should also support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, and TenFourFox does support that. Is there a change in the cipher it negotiates between FPR7b1 (which has an additional CBC-SHA cipher to get Amtrak working) and FPR6? The best solution might be issue 480: https://github.com/classilla/tenfourfox/issues/480

    • Edit

14. Support Staff 14 Posted by Cameron Kaiser on 30 Mar, 2018 11:00 AM

    

    (For reference, here is the SSLLabs analysis: https://www.ssllabs.com/ssltest/analyze.html?d=furry.fm )

    • Edit

15. Support Staff 15 Posted by Chris (chtrusch... on 30 Mar, 2018 12:17 PM

    

    Provided network.http.spdy.enforce-tls-profile is set to false:
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is negociated for both FPR6.1 and FPR 7b1.

    • Edit

16. 16 Posted by Joachim on 30 Mar, 2018 04:39 PM

    

    Chris, thank you very much! This works fine. For the moment, I will chance this setting when I want to visit this site, after I will activate it again. This is not big business.
    Thanks a lot to the support theam, you help to keep our good old PPC macs alive!

    • Edit

17. Support Staff 17 Posted by Cameron Kaiser on 10 Apr, 2018 09:17 PM

    

    Confirmed that adding support for ECDHE-RSA-AES256-GCM-SHA384 fixes the reported site as per issue 480, so this will be part of FPR7 beta 2.

    • Edit

18. Support Staff 18 Posted by Cameron Kaiser on 14 Apr, 2018 10:55 PM

    

    This is now in FPR7b2: http://tenfourfox.blogspot.com/2018/04/tenfourfox-fpr7b2-available....

    • Edit