Our gateway issues have been resolved, however if you're still running version 35 of Mozilla Firefox, you might run into some issues.
How can you fix it? Upgrade to version 36 (and maybe clear your cache for good measure) on PC!
Once you've upgraded to version 36, you should be able to access gateway on PC without any issues.
We are still looking into the issues affecting mobile devices.
Enjoy!
so it doesn't work on version 37 then? because it's updated to the latest which is 37. NOT 36 which is old.
anyone hello??
0
hallowoakMember, Neverwinter Beta UsersPosts: 3Arc User
edited April 2015
This is really sad. I have everything up to date and cleared the chache and haven't been able to log on for almost a week. It really shouldn't be this much of a run around to get into and play a game.
so I guess, if you can't open the three locks on your front door, the door gets replaced with a sliding paper door... nice to know, where do you live?
and btw. it is not FF malfunctioning, but the TLS version that PWE/Cryptic uses on the Gateway site. So until they update the security on that site (TLS version 3) FireFox will block it.
Fortunately there is a workaround, that will work with 37.0.1 and that is to change one variable under about:config.
Set security.tls.version.fallback-limit to 1. But be aware that this lowers your security level for ALL websites, that use TLS in a non-secure version.
I finally said screw it, took the 2 minutes to d/l and install chrome, relabeled it's launcher icon "NWN Gateway" and set the gateway as it's homepage.
The gateway also appears to run more smoothly in the Chrome window than it ever did in FF, but that might just be because I haven't seen it in a week and a half.
The connection to gateway.playneverwinter.com was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
0
torontodaveMember, NW M9 PlaytestPosts: 992Arc User
edited April 2015
anyone using old SSL is vulnerable.
TLS 1.0 has been sploited. This is the reason we can't use Mozilla Firefox. It won't let us use bugged sploited holes. *cough*ahem cryptic*cough*
Your password could be at risk by using chrome/IE .. Unprofessional to allow it to continue. In fact, due to the age of this thread, I'd wager Cryptic would be the ones found liable if any security breach were to occur.
This should be fixed. update TLS (SSL) already.
NW-DSQ39N5SJ - 'To Infinity, and BEYOND!' - Spelljammer Quest. Skyships, Indiana Jones moments NW-DC9R4J5EH - 'The Black Pearl' - Spelljammer! Phlo Riders and Space Orcs
Thanks for all the fish.
So i don't often use gateway but recently figured I'd like to do some adventuring. Only this problem occurs. I'm already using an update to date version of firefox, mines actually version 37, the most up to date, and I'm still getting the error.
I've tried resetting cache, hard refreshing and the other usual suspects without luck.
I'm not overly bothered since I could, if i wanted to, use another browser, but its a bit annoying when someone tells you how to fix something that shouldnt need fixing only for the fix to not work
So i don't often use gateway but recently figured I'd like to do some adventuring. Only this problem occurs. I'm already using an update to date version of firefox, mines actually version 37, the most up to date, and I'm still getting the error.
I've tried resetting cache, hard refreshing and the other usual suspects without luck.
I'm not overly bothered since I could, if i wanted to, use another browser, but its a bit annoying when someone tells you how to fix something that shouldnt need fixing only for the fix to not work
at this point it's obvious they either fired the person(s) responsible for gateway and/or simply do not care any more.
I can confirm this works. I was testing around with several ssl settings before the weekend and found that re-supporting the older SSL/TSL versions proved to be effective....
However, I do wish to point out that there's a very good reason TSL1.0 is no longer allowed by FF to be used in https connections. The other browsers are merely slower to implement the same change and the rest will follow shortly. So the server still requires an update to at least TSL1.1, preferably 1.2. SSL3 has been proven insecure already, so there's no need to upgrade that far. In fact, if they did it would only increase the risk of getting it hacked....
....I do urge everyone to undo the change as soon as Cryptic updated their server.....
& when do you think Cryptic will update there servers? I was unable to logon to the gateway since FF updated to ver37, however I've been getting the "...certificate is invalid..." for at least 4 months. You would think that they would have addressed this by now. They don't have to write code for the certificate.
This is something that really should not have happened.
0
torontodaveMember, NW M9 PlaytestPosts: 992Arc User
I have to agree here. If they had any sense of responsibly they'd shut the gateway down completely. As for the legal stuff.. don't bring that here or your post will get deleted. Besides, since the gateway is a "beta" product, I think they can wave that liability pretty easily. In the US at any rate. In Europe they'd be forced to add a warning to the site at the very least.
Haha. I was joking anyways. The law is for real companies that do real business in the real world. ;D
Making a good foundry takes a week. Beta-testing, bug-fixing and polishing that same foundry takes 3 more weeks.
Cryptic didn't do enough beta-testing, bug-fixing, or polishing. Mod6 is proof of that.
Skills are broken, Stats are broken, PVP is broken (yes you, daze+smoke+stun TR's), Gateway security certificate is broken. Currencies are broken, Crafting is broken. Progression is broken. Itemization is broken. Should I go on? ;X
It's like a busted-down broken car that keeps getting a new coat of paint.
If mod6 is the tear-down and the rebuild, we need more mechanics on the job.
NW-DSQ39N5SJ - 'To Infinity, and BEYOND!' - Spelljammer Quest. Skyships, Indiana Jones moments NW-DC9R4J5EH - 'The Black Pearl' - Spelljammer! Phlo Riders and Space Orcs
Thanks for all the fish.
So, here's a real 'fix' (well, work-around). First an explanation..
Firefox has (since a few versions back) stopped supporting TLS 1.0 as a secure connection method for HTTPS. Chrome is still supporting this, at the moment.
The work-around is to allow Firefox to use TLS 1.0 again (instead of only TLS 1.1 and 1.2). Please note that this is no more insecure than using Chrome (TLS 1.0 _is_ more insecure than 1.1 and 1.2 but if you do not object to using Chrome for accessing the gateway, this will make Firefox no more insecure than you're already using Chrome now).
First, open the about:config page of Firefox (this allows you change settings at very low level). As a URL use 'about:config'. This will show a warning page about 'voiding your warranty', so be careful is changing nothing else than the TLS setting we need to get HTTPS working again with the Gateway. To enter the real config page click the "I'll be careful, I'll promise" button.
This will show a list of settings with columns: Preference Name, Status, Type and Value, and a Search: line at the top. In the Search: type 'tls.version' (without the quotes).
At the top now should be a line showing
security.tls.version.fallback-limit
with status 'default', type 'integer' and value '3'
double-click that line
it will open a pop-up box with the number '3', change that number to '1' and click 'Ok'
This will change that line to bold (indicating the default value has been changed) with status 'user set'
For those changing your Firefox settings, moving the default fallback-limit from 3 to 1 will open this up for all websites. You can limit the exposure so that it applies to Neverwinter Gateway only by doing this instead:
A little cleaner solution for firefox 37 is to set security.tls.insecure_fallback_hosts to:
gateway.playneverwinter.com,gatewaytest.playneverwinter.com
This way you alter Firefox for Neverwinter's gateways.
0
obsiddiaMember, NW M9 PlaytestPosts: 1,025Arc User
edited April 2015
I have 37.0.2 ...Pretty sure it's the website designer's job to make things compatible
with a well known browser, and not the player's job to monkey with settings after hunting
through the company board and user suggestions. Be Professional. Fix bugs. Don't make
us come here to see what went wrong, again.
Did you really think anyone could steal the power of the god of thieves?
I have 37.0.2 ...Pretty sure it's the website designer's job to make things compatible
with a well known browser, and not the player's job to monkey with settings after hunting
through the company board and user suggestions. Be Professional. Fix bugs. Don't make
us come here to see what went wrong, again.
100% agree with this! They really need to spend the next few weeks/months focusing on the existing issues as this has become rediculous. The list of bugs has gotten way out of hand and nothing seems to ever get properly fixed anymore.... band-aiding is not the answer! I have seen more than half of my friends and guild members just not come back to the game after the mod 6 release of garbage
Take the extra time to do the job right and it will never come back to bite you in the A**
0
instynctiveMember, NW M9 PlaytestPosts: 1,885Arc User
edited April 2015
Not sure why they couldn't have just used VBulletin or phpBB.
Edited to add: Oh, this *is* VBulletin.. I wonder how they managed to screw it up so bad...
I have 37.0.2 ...Pretty sure it's the website designer's job to make things compatible
with a well known browser, and not the player's job to monkey with settings after hunting
through the company board and user suggestions. Be Professional. Fix bugs. Don't make
us come here to see what went wrong, again.
I absolutely agree with this. I'm not upset that it's broken (although I do want it fixed), but I'm also not going to alter my security settings or make exceptions for websites. There is just too much stuff to track as it is and I don't need to have that sort of stuff on my plate. Make the site work or I'm just not going to use it.
I will use the Arc launcher though. If they want to manage their site through that then fine. I don't use Arc a lot though and I don't give the plugins permission in my browsers.
So I'm not too well versed in website security or certificates and the like. I really just have one main question:
Would it be considered safe to access the gateway on my mobile device using the the mobile data connection (4G)? I know it isn't safe to connect to a public WiFi network with these bad certificates, but I don't connect to public WiFi ever. I'd like to be able to use the gateway on the go, as I really have no need to use it at home. If it's safe, I'll use it; if there are risks to my data using 4G I'm going to steer clear. I really just wish this was fixed.
If you used one of the workarounds below, return your browser to the default settings.
- As a URL, use: about:config
- Search for: fallback
- Modify the settings so that security.tls.version.fallback-limit is 1, and change security.tls.insecure_fallback_hosts so that gateway.playneverwinter.com,gatewaytest.playneverwinter.com are no longer listed. (This probably makes security.tls.insecure_fallback_hosts completely empty/blank.)
So, here's a real 'fix' (well, work-around). First an explanation..
Firefox has (since a few versions back) stopped supporting TLS 1.0 as a secure connection method for HTTPS. Chrome is still supporting this, at the moment.
The work-around is to allow Firefox to use TLS 1.0 again (instead of only TLS 1.1 and 1.2). Please note that this is no more insecure than using Chrome (TLS 1.0 _is_ more insecure than 1.1 and 1.2 but if you do not object to using Chrome for accessing the gateway, this will make Firefox no more insecure than you're already using Chrome now).
First, open the about:config page of Firefox (this allows you change settings at very low level). As a URL use 'about:config'. This will show a warning page about 'voiding your warranty', so be careful is changing nothing else than the TLS setting we need to get HTTPS working again with the Gateway. To enter the real config page click the "I'll be careful, I'll promise" button.
This will show a list of settings with columns: Preference Name, Status, Type and Value, and a Search: line at the top. In the Search: type 'tls.version' (without the quotes).
At the top now should be a line showing
security.tls.version.fallback-limit
with status 'default', type 'integer' and value '3'
double-click that line
it will open a pop-up box with the number '3', change that number to '1' and click 'Ok'
This will change that line to bold (indicating the default value has been changed) with status 'user set'
A little cleaner solution for firefox 37 is to set security.tls.insecure_fallback_hosts to:
gateway.playneverwinter.com,gatewaytest.playneverwinter.com
This way you alter Firefox for Neverwinter's gateways.
Comments
so it doesn't work on version 37 then? because it's updated to the latest which is 37. NOT 36 which is old.
anyone hello??
Have you tried http://nw-forum.perfectworld.com/showthread.php?852761-Connecting-to-Neverwinter-Gateway-on-Firefox-on-PC-Use-version-36/page6&p=10430751#post10430751 ?
and btw. it is not FF malfunctioning, but the TLS version that PWE/Cryptic uses on the Gateway site. So until they update the security on that site (TLS version 3) FireFox will block it.
Fortunately there is a workaround, that will work with 37.0.1 and that is to change one variable under about:config.
Set security.tls.version.fallback-limit to 1. But be aware that this lowers your security level for ALL websites, that use TLS in a non-secure version.
The gateway also appears to run more smoothly in the Chrome window than it ever did in FF, but that might just be because I haven't seen it in a week and a half.
The connection to gateway.playneverwinter.com was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
TLS 1.0 has been sploited. This is the reason we can't use Mozilla Firefox. It won't let us use bugged sploited holes. *cough*ahem cryptic*cough*
Your password could be at risk by using chrome/IE .. Unprofessional to allow it to continue. In fact, due to the age of this thread, I'd wager Cryptic would be the ones found liable if any security breach were to occur.
This should be fixed. update TLS (SSL) already.
NW-DC9R4J5EH - 'The Black Pearl' - Spelljammer! Phlo Riders and Space Orcs
Thanks for all the fish.
I've tried resetting cache, hard refreshing and the other usual suspects without luck.
I'm not overly bothered since I could, if i wanted to, use another browser, but its a bit annoying when someone tells you how to fix something that shouldnt need fixing only for the fix to not work
at this point it's obvious they either fired the person(s) responsible for gateway and/or simply do not care any more.
Haha. I was joking anyways. The law is for real companies that do real business in the real world. ;D
Making a good foundry takes a week. Beta-testing, bug-fixing and polishing that same foundry takes 3 more weeks.
Cryptic didn't do enough beta-testing, bug-fixing, or polishing. Mod6 is proof of that.
Skills are broken, Stats are broken, PVP is broken (yes you, daze+smoke+stun TR's), Gateway security certificate is broken. Currencies are broken, Crafting is broken. Progression is broken. Itemization is broken. Should I go on? ;X
It's like a busted-down broken car that keeps getting a new coat of paint.
If mod6 is the tear-down and the rebuild, we need more mechanics on the job.
NW-DC9R4J5EH - 'The Black Pearl' - Spelljammer! Phlo Riders and Space Orcs
Thanks for all the fish.
with a well known browser, and not the player's job to monkey with settings after hunting
through the company board and user suggestions. Be Professional. Fix bugs. Don't make
us come here to see what went wrong, again.
100% agree with this! They really need to spend the next few weeks/months focusing on the existing issues as this has become rediculous. The list of bugs has gotten way out of hand and nothing seems to ever get properly fixed anymore.... band-aiding is not the answer! I have seen more than half of my friends and guild members just not come back to the game after the mod 6 release of garbage
Edited to add: Oh, this *is* VBulletin.. I wonder how they managed to screw it up so bad...
"...I grab my wiener and charge!" - ironzerg79
I will use the Arc launcher though. If they want to manage their site through that then fine. I don't use Arc a lot though and I don't give the plugins permission in my browsers.
Would it be considered safe to access the gateway on my mobile device using the the mobile data connection (4G)? I know it isn't safe to connect to a public WiFi network with these bad certificates, but I don't connect to public WiFi ever. I'd like to be able to use the gateway on the go, as I really have no need to use it at home. If it's safe, I'll use it; if there are risks to my data using 4G I'm going to steer clear. I really just wish this was fixed.
If you used one of the workarounds below, return your browser to the default settings.
- As a URL, use: about:config
- Search for: fallback
- Modify the settings so that security.tls.version.fallback-limit is 1, and change security.tls.insecure_fallback_hosts so that gateway.playneverwinter.com,gatewaytest.playneverwinter.com are no longer listed. (This probably makes security.tls.insecure_fallback_hosts completely empty/blank.)