So i don't often use gateway but recently figured I'd like to do some adventuring. Only this problem occurs. I'm already using an update to date version of firefox, mines actually version 37, the most up to date, and I'm still getting the error.
I've tried resetting cache, hard refreshing and the other usual suspects without luck.
I'm not overly bothered since I could, if i wanted to, use another browser, but its a bit annoying when someone tells you how to fix something that shouldnt need fixing only for the fix to not work
at this point it's obvious they either fired the person(s) responsible for gateway and/or simply do not care any more.
I can confirm this works. I was testing around with several ssl settings before the weekend and found that re-supporting the older SSL/TSL versions proved to be effective....
However, I do wish to point out that there's a very good reason TSL1.0 is no longer allowed by FF to be used in https connections. The other browsers are merely slower to implement the same change and the rest will follow shortly. So the server still requires an update to at least TSL1.1, preferably 1.2. SSL3 has been proven insecure already, so there's no need to upgrade that far. In fact, if they did it would only increase the risk of getting it hacked....
....I do urge everyone to undo the change as soon as Cryptic updated their server.....
& when do you think Cryptic will update there servers? I was unable to logon to the gateway since FF updated to ver37, however I've been getting the "...certificate is invalid..." for at least 4 months. You would think that they would have addressed this by now. They don't have to write code for the certificate.
This is something that really should not have happened.
0
torontodaveMember, NW M9 PlaytestPosts: 992Arc User
I have to agree here. If they had any sense of responsibly they'd shut the gateway down completely. As for the legal stuff.. don't bring that here or your post will get deleted. Besides, since the gateway is a "beta" product, I think they can wave that liability pretty easily. In the US at any rate. In Europe they'd be forced to add a warning to the site at the very least.
Haha. I was joking anyways. The law is for real companies that do real business in the real world. ;D
Making a good foundry takes a week. Beta-testing, bug-fixing and polishing that same foundry takes 3 more weeks.
Cryptic didn't do enough beta-testing, bug-fixing, or polishing. Mod6 is proof of that.
Skills are broken, Stats are broken, PVP is broken (yes you, daze+smoke+stun TR's), Gateway security certificate is broken. Currencies are broken, Crafting is broken. Progression is broken. Itemization is broken. Should I go on? ;X
It's like a busted-down broken car that keeps getting a new coat of paint.
If mod6 is the tear-down and the rebuild, we need more mechanics on the job.
NW-DSQ39N5SJ - 'To Infinity, and BEYOND!' - Spelljammer Quest. Skyships, Indiana Jones moments NW-DC9R4J5EH - 'The Black Pearl' - Spelljammer! Phlo Riders and Space Orcs
Thanks for all the fish.
So, here's a real 'fix' (well, work-around). First an explanation..
Firefox has (since a few versions back) stopped supporting TLS 1.0 as a secure connection method for HTTPS. Chrome is still supporting this, at the moment.
The work-around is to allow Firefox to use TLS 1.0 again (instead of only TLS 1.1 and 1.2). Please note that this is no more insecure than using Chrome (TLS 1.0 _is_ more insecure than 1.1 and 1.2 but if you do not object to using Chrome for accessing the gateway, this will make Firefox no more insecure than you're already using Chrome now).
First, open the about:config page of Firefox (this allows you change settings at very low level). As a URL use 'about:config'. This will show a warning page about 'voiding your warranty', so be careful is changing nothing else than the TLS setting we need to get HTTPS working again with the Gateway. To enter the real config page click the "I'll be careful, I'll promise" button.
This will show a list of settings with columns: Preference Name, Status, Type and Value, and a Search: line at the top. In the Search: type 'tls.version' (without the quotes).
At the top now should be a line showing
security.tls.version.fallback-limit
with status 'default', type 'integer' and value '3'
double-click that line
it will open a pop-up box with the number '3', change that number to '1' and click 'Ok'
This will change that line to bold (indicating the default value has been changed) with status 'user set'
For those changing your Firefox settings, moving the default fallback-limit from 3 to 1 will open this up for all websites. You can limit the exposure so that it applies to Neverwinter Gateway only by doing this instead:
A little cleaner solution for firefox 37 is to set security.tls.insecure_fallback_hosts to:
gateway.playneverwinter.com,gatewaytest.playneverwinter.com
This way you alter Firefox for Neverwinter's gateways.
0
obsiddiaMember, NW M9 PlaytestPosts: 1,025Arc User
edited April 2015
I have 37.0.2 ...Pretty sure it's the website designer's job to make things compatible
with a well known browser, and not the player's job to monkey with settings after hunting
through the company board and user suggestions. Be Professional. Fix bugs. Don't make
us come here to see what went wrong, again.
Did you really think anyone could steal the power of the god of thieves?
I have 37.0.2 ...Pretty sure it's the website designer's job to make things compatible
with a well known browser, and not the player's job to monkey with settings after hunting
through the company board and user suggestions. Be Professional. Fix bugs. Don't make
us come here to see what went wrong, again.
100% agree with this! They really need to spend the next few weeks/months focusing on the existing issues as this has become rediculous. The list of bugs has gotten way out of hand and nothing seems to ever get properly fixed anymore.... band-aiding is not the answer! I have seen more than half of my friends and guild members just not come back to the game after the mod 6 release of garbage
Take the extra time to do the job right and it will never come back to bite you in the A**
0
instynctiveMember, NW M9 PlaytestPosts: 1,885Arc User
edited April 2015
Not sure why they couldn't have just used VBulletin or phpBB.
Edited to add: Oh, this *is* VBulletin.. I wonder how they managed to screw it up so bad...
I have 37.0.2 ...Pretty sure it's the website designer's job to make things compatible
with a well known browser, and not the player's job to monkey with settings after hunting
through the company board and user suggestions. Be Professional. Fix bugs. Don't make
us come here to see what went wrong, again.
I absolutely agree with this. I'm not upset that it's broken (although I do want it fixed), but I'm also not going to alter my security settings or make exceptions for websites. There is just too much stuff to track as it is and I don't need to have that sort of stuff on my plate. Make the site work or I'm just not going to use it.
I will use the Arc launcher though. If they want to manage their site through that then fine. I don't use Arc a lot though and I don't give the plugins permission in my browsers.
So I'm not too well versed in website security or certificates and the like. I really just have one main question:
Would it be considered safe to access the gateway on my mobile device using the the mobile data connection (4G)? I know it isn't safe to connect to a public WiFi network with these bad certificates, but I don't connect to public WiFi ever. I'd like to be able to use the gateway on the go, as I really have no need to use it at home. If it's safe, I'll use it; if there are risks to my data using 4G I'm going to steer clear. I really just wish this was fixed.
If you used one of the workarounds below, return your browser to the default settings.
- As a URL, use: about:config
- Search for: fallback
- Modify the settings so that security.tls.version.fallback-limit is 1, and change security.tls.insecure_fallback_hosts so that gateway.playneverwinter.com,gatewaytest.playneverwinter.com are no longer listed. (This probably makes security.tls.insecure_fallback_hosts completely empty/blank.)
So, here's a real 'fix' (well, work-around). First an explanation..
Firefox has (since a few versions back) stopped supporting TLS 1.0 as a secure connection method for HTTPS. Chrome is still supporting this, at the moment.
The work-around is to allow Firefox to use TLS 1.0 again (instead of only TLS 1.1 and 1.2). Please note that this is no more insecure than using Chrome (TLS 1.0 _is_ more insecure than 1.1 and 1.2 but if you do not object to using Chrome for accessing the gateway, this will make Firefox no more insecure than you're already using Chrome now).
First, open the about:config page of Firefox (this allows you change settings at very low level). As a URL use 'about:config'. This will show a warning page about 'voiding your warranty', so be careful is changing nothing else than the TLS setting we need to get HTTPS working again with the Gateway. To enter the real config page click the "I'll be careful, I'll promise" button.
This will show a list of settings with columns: Preference Name, Status, Type and Value, and a Search: line at the top. In the Search: type 'tls.version' (without the quotes).
At the top now should be a line showing
security.tls.version.fallback-limit
with status 'default', type 'integer' and value '3'
double-click that line
it will open a pop-up box with the number '3', change that number to '1' and click 'Ok'
This will change that line to bold (indicating the default value has been changed) with status 'user set'
A little cleaner solution for firefox 37 is to set security.tls.insecure_fallback_hosts to:
gateway.playneverwinter.com,gatewaytest.playneverwinter.com
This way you alter Firefox for Neverwinter's gateways.
If you used one of the workarounds below, return your browser to the default settings.
- As a URL, use: about:config
- Search for: fallback
- Modify the settings so that security.tls.version.fallback-limit is 1, and change security.tls.insecure_fallback_hosts so that gateway.playneverwinter.com,gatewaytest.playneverwinter.com are no longer listed. (This probably makes security.tls.insecure_fallback_hosts completely empty/blank.)
There's also a 'reset' option (when right-clicking a setting) to revert to default settings for "security.tls.version.fallback-limit" (making it '1') and/of for "security.tls.insecure_fallback_hosts" (removing all entries)
And, btw, Chrome is doing better in encryption suite settings (TLS 1.2, AES 256 bits) compared to Firefox (TLS 1.2, AES 128 bits). But both quite secure.
Well it was working on my android phone on both the built in browser and Chrome when I tried it for the last couple of days, but today when I tried it again I get the same old untrusted certificate error again. Nothing has changed on my phone, no updates on either the built in browser or the Chrome browser I use.
Update: Well it is now working again ( no error message ) on my android phone. I still have not changed anything on my phone ( updates or even a restart ) so I guess it must have been fixed on their end. If so, thank you very much!
Well it was working on my android phone on both the built in browser and Chrome when I tried it for the last couple of days, but today when I tried it again I get the same old untrusted certificate error again. Nothing has changed on my phone, no updates on either the built in browser or the Chrome browser I use.
Comments
at this point it's obvious they either fired the person(s) responsible for gateway and/or simply do not care any more.
Haha. I was joking anyways. The law is for real companies that do real business in the real world. ;D
Making a good foundry takes a week. Beta-testing, bug-fixing and polishing that same foundry takes 3 more weeks.
Cryptic didn't do enough beta-testing, bug-fixing, or polishing. Mod6 is proof of that.
Skills are broken, Stats are broken, PVP is broken (yes you, daze+smoke+stun TR's), Gateway security certificate is broken. Currencies are broken, Crafting is broken. Progression is broken. Itemization is broken. Should I go on? ;X
It's like a busted-down broken car that keeps getting a new coat of paint.
If mod6 is the tear-down and the rebuild, we need more mechanics on the job.
NW-DC9R4J5EH - 'The Black Pearl' - Spelljammer! Phlo Riders and Space Orcs
Thanks for all the fish.
with a well known browser, and not the player's job to monkey with settings after hunting
through the company board and user suggestions. Be Professional. Fix bugs. Don't make
us come here to see what went wrong, again.
100% agree with this! They really need to spend the next few weeks/months focusing on the existing issues as this has become rediculous. The list of bugs has gotten way out of hand and nothing seems to ever get properly fixed anymore.... band-aiding is not the answer! I have seen more than half of my friends and guild members just not come back to the game after the mod 6 release of garbage
Edited to add: Oh, this *is* VBulletin.. I wonder how they managed to screw it up so bad...
"...I grab my wiener and charge!" - ironzerg79
I will use the Arc launcher though. If they want to manage their site through that then fine. I don't use Arc a lot though and I don't give the plugins permission in my browsers.
Would it be considered safe to access the gateway on my mobile device using the the mobile data connection (4G)? I know it isn't safe to connect to a public WiFi network with these bad certificates, but I don't connect to public WiFi ever. I'd like to be able to use the gateway on the go, as I really have no need to use it at home. If it's safe, I'll use it; if there are risks to my data using 4G I'm going to steer clear. I really just wish this was fixed.
If you used one of the workarounds below, return your browser to the default settings.
- As a URL, use: about:config
- Search for: fallback
- Modify the settings so that security.tls.version.fallback-limit is 1, and change security.tls.insecure_fallback_hosts so that gateway.playneverwinter.com,gatewaytest.playneverwinter.com are no longer listed. (This probably makes security.tls.insecure_fallback_hosts completely empty/blank.)
There's also a 'reset' option (when right-clicking a setting) to revert to default settings for "security.tls.version.fallback-limit" (making it '1') and/of for "security.tls.insecure_fallback_hosts" (removing all entries)
Update: Well it is now working again ( no error message ) on my android phone. I still have not changed anything on my phone ( updates or even a restart ) so I guess it must have been fixed on their end. If so, thank you very much!
same here ........