Can't access agilebits.com — secure connection error

bluesky
bluesky
Community Member
edited December 2015 in Lounge

I have an MacBook Air that I've been using exclusively for the past year, but since I have to take it in for repair, I have just done a clean install of El Capitan on my 2009 iMac and migrated all my data over to it from my MacBook Air using Migration Assistant.

I am able to use the 1P app and browser extensions on the iMac okay, but for some strange reasons I can't get onto agilebits.com from FF, Chrome or Safari. FF tells me "Secure Connection Failed," Chrome says, "No data received" and "ERR_EMPTY_RESPONSE, and Safari says it can't establish a secure connection.

Have any idea what this is about? I am not having it with any other website or with my MB Air, which is still on Yosemite.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

«1

Comments

  • khad
    khad
    1Password Alumni

    Hi @bluesky,

    Thanks for taking the time to contact us. I'm sorry that you are having some trouble.

    All of us on the team here (working remotely from many different countries) are able to access agilebits.com, so I'm wondering what the trouble might be on your Mac.

    1. Are you able to access agilebits.com on another computer on the same Wi-Fi network (like your smartphone)?
    2. Are you able to access agilebits.com on your smartphone with Wi-Fi turned off? That is, over your cellular connection?
  • bluesky
    bluesky
    Community Member

    I did say that I'm not having this issue on my MB Air, so yes I know it's an issue with my computer, and it is ONLY with agilebits.com, no other website, so that's why I'm asking you guys first what could be causing it.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @bluesky: Ultimately I can only guess: DNS, browser, or OS problem — possibly related to caching. Have you tried resetting the browser and rebooting, and restarting the router? However, the secure connection error sounds like you may have a certificate issue: the date and time could be off on the iMac or you could have damaged or invalid security settings.

    Unfortunately there's really no way for us to know what might be going wrong on your iMac that would prevent you from viewing the website. Seeing as we don't have access to it, you'll likely have a better idea of what may have happened then we ever could! If none of that helps, it may be necessary to contact Apple to do some more in-depth device troubleshooting. Please let us now how it turns out!

  • Bill_W
    Bill_W
    Community Member

    I am having a similar issue on multiple computers (PC and Mac) / tablets (iOS and android) accessing agilebits.com in my house. I wanted to reinstall 1pw for Windows but couldn't find a download. I found an old version which once installed correctly updated.

  • swim3991
    swim3991
    Community Member

    I am having the same problem. Doesn't matter which network I am on, I can't reach ANY agilebits.com websites. I can't download the extension for firefox either because of this. I have restarted, tried at home, and on other wi-fi networks. I'm also on a MacBook air that has never had problems accessing these sites before.

    Any ideas?

    This is what I get no matter what: Secure Connection Failed

    The connection to agilebits.com was interrupted while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
    
  • swim3991
    swim3991
    Community Member

    I found this as well: https://support.mozilla.org/en-US/kb/tls-error-reports

    If you experience this problem, contact the owners of the website and ask them to update their TLS version to a version that is still current and still secure.

    This all started happening after the latest Firefox update....but for whatever reason it is impacting all browsers. Not sure if they updated something with the security, but I think that might be the issue.

  • agiletim
    agiletim
    1Password Alumni

    @swim3991 : Can you check certificate information in Firefox or Chrome ?
    Usually when there is SSL/TLS issue one of the certificates in the chain of trust is not trusted anymore and breaks whole chain.
    I remember having similar issues with newly installed ElCapitan, when it had not cleaned older version of root certificates.

  • agiletim
    agiletim
    1Password Alumni

    ah, it might be silly suggestion, but can you check your system time, if it is correctly set, time offset can be the reason of SSL issues sometimes.

  • swim3991
    swim3991
    Community Member

    System time is correct. I do have El Capitan, how do I clean out older root certificates?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @swim3991: In Keychain Access, but that's really easier said than done unless you know what your'e looking for.

    What you really need to do is find the one that's causing the problem. The easiest way to do this is to check the details of the error, as it should tell you the certificate that's failing the check. And if you're going to agilebits.com and seeing anything other than this for the certificate, you've installed an impostor:

  • Bill_W
    Bill_W
    Community Member

    I am not seeing any security issue. The following is displayed:

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Bill_W: Thanks for clarifying! Have you tried resetting your networking equipment as suggested in the screenshot (routers, modems, connected devices)? And yes, on an iOS device you won't get very much information This is what I see in Chrome on my iPad:

    Note the 'padlock' in the address bar in my screenshot. Your connection is being reset because you cannot establish a secure connection to the server, and an insecure connection is not supported. There are many possible causes, involving your network configuration being setup incorrectly or malfunctioning. So doing some resets is a good place to start. Please let me know what you find!

  • Bill_W
    Bill_W
    Community Member
    edited December 2015

    G'day. I think I got to the bottom of this. Turned out my router MTU setting was the issue. The router was only recently replaced, so once I adjusted (to 1500) the site came to life. What confused me most was that only your home page seemed to be affected. All others (this page, blog etc) worked. All the links to the home page from those pages failed.

    Regards,

    Bill

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited December 2015

    @Bill_W: Thanks for following up! That's very strange that changing the MTU resolved the issue. Honestly, I wonder if making any change forced a restart of something in the box which cleared up something completely unrelated, but we may never know. It's more likely that there's some caching issue there (DNS?)

    I will say that I (used to?) have a similar problem in Safari on my Mac with the forums here refusing to load, where everything else would load just fine. Sometimes loading the page in Chrome would work, and then I'd be able to load it again in Safari afterward...but often only restarting the computer would get it working again.

    Anyway, hopefully your troubles are behind you, but be sure to reach out if you need anything else! :)

  • chriskinsman
    chriskinsman
    Community Member

    Over the past few weeks I noticed that I keep having problems connecting to the Agile Bits website. Is there a reason for this?

    Safari can’t open “https://agilebits.com/store” because Safari can’t establish a secure connection.


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: Not Provided

  • Stephen_C
    Stephen_C
    Community Member

    @chriskinsman I've taken the liberty of merging your post in to an existing thread discussing the same problem. It may be that some of the suggestions in the thread will be of help to you.

    Stephen

  • chriskinsman
    chriskinsman
    Community Member
    edited December 2015

    Thank you. Well… it seems to be working fine now in Safari after I opened the Developer Tools. However, I still get the same error message in Firefox.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @chriskinsman: Unless it's a configuration issue on your computer or network, simply restarting the computer may help.

    The AgileBits site requires TLS, and if there's a breach in the chain of trust, it will be impossible to establish a secure connection (as noted in the error you mentioned in your post), and the the connection attempt will fail. Common culprits are:

    • Network glitch
    • 'Security' software trying to intercept the connection, either on the fly or by installing an invalid certificate
    • Hardware or software problem (I unfortunately still need to reset Wi-Fi once every day or so)
    • Browser configuration issue (for example, one user reported that they'd forgotten about changing security settings in Firefox previously)

    Does any of that ring a bell?

  • riegelstamm
    riegelstamm
    Community Member

    I'm having the exact same problem as reported above: agilebits.com will not open on my Mac in Safari, Firefox or Chrome because the secure connection failed. This is the only website I can't open for this reason. It opens using a Windows computer and Android phone, telling me it's not my network. I was able to get it to open in Safari by using the developer tools to empty caches, but still no go in Chrome or Firefox. At least I can download the Firefox extension now. This all started when Firefox updated to v43 and it disabled the 1Password extension. I tried clearing caches in Chrome & Firefox to no avail. I don't see any security settings I can change that might affect this bad behavior. I searched for a certificate in Keychain like the one above, but while I have certificates from GlobalSign Root CA, none of them are for Agilebits. I use Avast Mac Security, Ghostery, and uBlock, but there are no settings that should block Agilebits. I hope that someone can solve this mystery!

  • vividhsv
    vividhsv
    Community Member

    I was planning to buy 1Password. However, I was not able to open agilebits.com.
    It turns out Avast Mac Security was blocking the site. After disabling Web Sheild on Avast, I am now able to open agilebits.com

  • AGAlumB
    AGAlumB
    1Password Alumni

    @vividhsv: Thanks for bringing that up. That's one example of how a break in the chain of trust can cause connection issues, and Avast certainly isn't the only entity doing this.

    @riegelstamm: Sorry for the confusion! Many sites are less strict about this, but at AgileBits we absolutely want to be sure that the connection is secure. After all, you're coming to us to help you be more secure online, and it would be an absolute horror if anyone malicious were able to perform a man-in-the-middle attack in order to spy on your financial transactions with AgileBits or offering you false information or files to download while masquerading as us. If we can't establish a connection that's encrypted from us to you, we'll refuse it. You should expect no less.

    In these cases, we don't know who we're communicating with, and we're not going to assume that whatever is performing a man-in-the-middle attack on you truly has your best interests in mind. And of course that's exactly what's going on here: as vividhsv mentioned, disabling the Avast "Web Shield" will then allow you to connect to agilebits.com (and other websites) securely, because Avast is decrypting the traffic in both directions to analyze it and then re-encrypting it. From the Avast blog:

    How Avast’s HTTPS scanning feature works (the short version)
    Avast is able to detect and decrypt TLS/SSL protected traffic in our Web-content filtering component. To detect malware and threats on HTTPS sites, Avast must remove the SSL certificate and add its self-generated certificate. Our certificates are digitally signed by Avast’s trusted root authority and added into the root certificate store in Windows and in major browsers to protect against threats coming over HTTPS; traffic that otherwise could not be detected.

    The problem with this practice is that it means connections that you presume are both secure and private are neither. In these cases, whether you're downloading the latest version of 1Password or buying a toaster through Amazon, the communications you're sending are going through an intermediary. The expectation is that when you see the HTTPS and/or 'padlock' icon in the address bar, that you're communicating directly with that site and no one else; but that simply isn't true if another entity can use the secure connection you've established with them instead to decrypt your communications.

    Now, just because you're not receiving an error with other sites doesn't change the fact that the connection is not end-to-end encrypted. Ultimately anything that breaks the chain of trust in this way (and, frankly, the internet) will prevent you from connecting securely to any site, although others are often more permissive when this happens, erring on the side of usability rather than security. But it's our job to do just the opposite: refuse this kind of connection where the other end cannot be authenticated. TLS can authenticate using a mutually trusted certificate authority, and Avast's root certificate is not on anyone's list (for example, the OSes and browsers we all use) as a trusted certificate authority but their own, which is why it must be installed on your system for them to be able to decrypt your HTTPS traffic in the first place. I hope this helps clear things up!

  • riegelstamm
    riegelstamm
    Community Member

    @vividhsv, thank you for solving that mystery, and @Brenty, for the explanation. I can confirm that disabling Avast Web Shield allows agilebits.com to open in Firefox. Now it's time to find a different security app that doesn't replace SSL certificates.

  • Megan
    Megan
    1Password Alumni

    Hi @riegelstamm,

    Thanks so much for following up here! I'm glad to see that Brenty's answer helped you - in fact, I learned a little from reading his reply as well.

    If you have any further questions about 1Password, we're here for you! :)

  • riegelstamm
    riegelstamm
    Community Member

    Yes, I learned something, too. I had no idea that Avast was replacing SSL certificates. I switched to Avira Free Antivirus for Mac and browser extensions, and Agilebits.com opens fine in Firefox.

  • Megan
    Megan
    1Password Alumni

    Hi @riegelstamm,

    Glad to hear it! :)

  • rcme
    rcme
    Community Member

    I am having a similar problem. I get a message on my iMac in Safari and Chrome when I try to go to the web page https://start.1password.com/signin about not being able to establish a secure connection. I can get to this web page from other devices on my network. I can log into other secure web pages from my iMac. I cannot find a certificate related to 1password. Any recommendations on what to do next?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2016

    @rcme: To be clear, you won't have a certificate for 1Password or AgileBits on your machine; that's on the website. And it will reject the connection if it cannot authenticate an negotiate the secure connection properly.

    As mentioned previously,

    The AgileBits site requires TLS, and if there's a breach in the chain of trust, it will be impossible to establish a secure connection (as noted in the error you mentioned in your post), and the the connection attempt will fail. Common culprits are:

    • Network glitch (restarting devices may help)
    • 'Security' software trying to intercept the connection, either on the fly or by installing an invalid certificate
    • Hardware or software problem (I unfortunately still need to reset Wi-Fi once every day or so)
    • Browser configuration issue (for example, one user reported that they'd forgotten about changing security settings in Firefox previously)

    Please let us know what you find!

  • rcme
    rcme
    Community Member

    Thank you for getting back to me. I could use some assistance in troubleshooting.

    • Network glitch: I selected a completely different network and have the same problem. My iPad is able to connect on the network.
    • I do not have any security software running
    • Used a different network
    • I have the same problem on Chrome, Safari and Firefox.
      It is something on my iMac, but I am not sure what to look at next to isolate the problem. Any suggestions?
  • AGAlumB
    AGAlumB
    1Password Alumni

    @rcme: Since you mentioned that you have the same problem in every browser even on another network, it's likely that it's something on the Mac itself.

    Did you previously have "security" software installed that may have made changes to your certificate settings that persist when it's not running, or after you removed it? Companies often install their own self-signed certificates so they can decrypt secure traffic in your browser to scan connections.

    While the security settings in browsers can be modified, in their default state, Safari, Chrome, Opera, Firefox, Edge, Internet Explorer, and several others I use regularly work just fine with the various AgileBits websites. And given that you're having the same problem across multiple browsers, the only explanation I can think of is that you've installed something that either modified multiple browsers individually, or made some change at the system level which affects all of them. On the other hand, do you have an extension which is installed in each browser that might be interfering?

    One option may be to check which cypher suites are reported as supported by your browser, in case it's simply misconfigured: https://www.howsmyssl.com

    I only wish I had the answers for you. As much as this probably feels like a needle in a haystack to you, it is even more so for us, given that you're the only one who has access to your machine and know what you've installed on it or settings you've changed...and that others using the same browsers are able to connect securely. We can only talk in broad generalizations about what to look for. :(

  • killmoretrout
    killmoretrout
    Community Member

    Exact same issue as OP for me and it turned out to be Avast web shield, as well. Adding exceptions for agilebits.com fixed it. Thanks for the sleuthing, everyone.

This discussion has been closed.