Detailed description:
Norton 360 has suddenly blocked connections to any Usenet server using an SSL connection. The only way I can download from Usenet is to disable SSL.

Product & version number: Norton 360 v24.9.9452 (build 24.9.9452.879)

OS details: WIndows 11

What is the error message you are seeing? Any usenet program I use I get an SSL connection error example below taken from log of Newsbin Pro. Get similar error from other Usenet programs.

[10/14 00:44:31] ERROR news.eweka.nlSSL Lib returned error: 0xffffffffffffdaa0
[10/14 00:44:31] ERROR Downloader: Socket Exception NEWS SERVER ERROR: eweka Unable to start SSL to news server Error: SSL Negotiation Failed, Host: news.eweka.nl Error: news.eweka.nlSSL Lib returned error: 0xffffffffffffdaa0 0 The operation completed successfully. eweka

If you have any supporting screenshots, please add them:

Getting the same SSL errors here too.
This worked fine until the recent Norton changes came out - that is when the errors started.

Seems to be something in ‘Email security’ protection in Norton that is causing issues with SSL.
When ‘Email security’ in Norton Security is temporarily disabled, SSL connections work again!

Norton Team - Can you please investigate this issue and help fix it. Thanks!

I’ve seen the same thing happen recently on two different computers, but on IMAP email accounts that use SSL. Of course, you have to set things the way the email provider wants them, and everyone is moving towards more security, so turning off SSL isn’t a practical option. Actually, I saw this only when using a non-Norton VPN, but was able to get it working with the VPN if I turned off the “scan incoming email” under Email protection. I can’t say what update broke this, but it’s been in the last month or so.
While Norton claims to scan IMAP4 accounts properly, there are other articles that say they can’t properly scan SSL-encrypted connections.
I wish they would fix this!

PS: To clarify, my issue is with newsgroups - just like the issue reported by the original poster (OP).

All: Disable these two settings and reboot. Disabling QUIC/HTTPS forces fallback to UDP which in turn allows SSL without the extra scanning. Of course your mileage may vary. This solved issues for others. Note: I am NOT an Norton employee, just another user as you donating time to assist others.

disable HTTPS AND QUIC HTTP31010×674 93.9 KB

SA

@blenky Please run live updates as your product isn’t on the most current build.

SA

This did not work. Only by disabling email security cures this. Also I have auto updated to

ver 241021-4
app ver 24.10.9535 - build 24.10.9535.880

Confused a bit here. How does disabling e-mail security in Norton fix the issues with new feeds?

SA

Not sure why disabling e-mail security works but a clue may be in the error message I get if I try to use the Usenet client NZBGet:

“TLS certificate verification failed for news.eweka.nl: self signed certificate in certificate chain.”

As TLS is used for email security - maybe that’s the issue.

Norton Team,

Is anyone working on addressing this issue?
Unable to start SSL to news server Error: SSL Negotiation Failed

This SSL error issue with Newsbin app only started with the new version of Norton. Same newsserver app worked fine with prior version of Norton.

Looking forward to updates. Thanks!

Are any of you using the VPN or other VPN when this occurs? Have you also set the settings I posted in my earlier post regarding HTTPS scanning OFF and QUIC/HTTP3 scanning OFF? And a restart.

disable HTTPS AND QUIC HTTP31010×674 93.9 KB

Disable HTTP/3 (QUIC) Protocol in Browsers on User Devices

To disable HTTP/3 protocol on a user device, complete these steps in the relevant browser:

Browser settings can vary for different versions.

Google Chrome

In the browser address bar, type chrome://flags. Disable the Experimental QUIC protocol option.

Microsoft Edge

In the browser address bar, type edge://flags/. Disable the Experimental QUIC protocol option.

Mozilla Firefox

In the browser address bar, type about:config. Disable the network.http.http3.enable option.

Opera

In the browser address bar, type opera://flags/#enable-quic. From the Experimental QUIC protocol drop-down list, select Disabled.

SA

I am not doing this via a web browser, so browser settings are not applicable and not going to matter in my case.
Mine is a stand-alone newsreader app, and not being accessed via any web browser (same as OP who posted about this on that app’s forum).

QUIC/HTTP3 was not a part of the previous version of Norton software. It is an addition to the present version. SSL, whether used by an app, or a program they are affected in the same way. SSL affects messaging, e-mail, and other traffic. All traffic in and out of a device requiring a secured connection. That is what I am suggesting and trying to convey.
The new version of Norton doesn’t handle SSL and other traffic the same way as the previous version. We won’t possibly even have a fix for this and other issues even when that fix is released. In the meantime please share with us your solution if you have one. Users should not have to disable e-mail scanning as a workaround to allow another program to function. The new firewall is just a dog’s breath.

SA

As stated earlier - I tried disabling HTTP/3 (QUIC) but it does not help. The ONLY work around I have found is disabling email protection.

This is a bit rubbish - shouldn’t have this problem trying to use usenet apps with SSL security.

I’ve been bitten by this also : I’ve been using PHPMailer on Windows 10 for years. All of a sudden it stopped working. I traced it back to the Norton update and it’s Mail Protection. Turning it off solved it.

Verification error: self-signed certificate in certificate chain

I used OpenSSL to debug it …

Kind regards,
Guy

Is anyone from Norton looking into this issue?
This should be addressed / fixed so we can once again use our application(s) which use SSL without having to employ this workaround of turning email security off temporarily while using the app which needs SS connections?

Frustrating that the new version caused this issue when there was never an issue with the prior version of Norton!

Also I noticed that after I finish using my application (which needs email security off) and I re-enable ‘email security’ in Norton, my browser gives warning about security of the connection?

Is anyone at Norton working on this issue?

I am a very long time Norton user (also have recommended relatives to use it), but given the lack of response by Norton to this issue, I may have to reconsider when my subscription expires.

I also noticed that even the workaround to get my newsreader to work with the NEW Norton 360 (turning off email security in Norton Security app temporarily, which is not ideal since it leaves some protection disabled) often requires a PC reboot after using the workaround:
The reason is that after turning email security in Norton ‘Off’ temporarily (workaround needed to use my newsreader app without SSL errors) and then turning ‘email security’ back ‘On’ (after using newsreader), my various web browsers no longer load 95% of my favorites after I turn email security back ‘On’!
Rather, after using this workaround, my browser favorite sites almost all load blank pages with an error message saying they are not secure (or something to that effect - will note the exact message next time I use my newsreader and this workaround).

Not sure why Norton is not responding.

Same problem here, this is unacceptable. Please give us a fix. This way I’m moving away from the Norton product.

Same problem here.
The apps monitoring the UPS and Disk-raid is no longer able to send mail Warnings.
I tried to configure mail settings with SSL / TLS / StartTLS but all are blocked by Norton.
Disabeling e-mail protection in Norton settings fixes it.
It worked fine before November/December 24

And still no reply from Norton support… I also already left them >5 messages on the “supposed to be support” account on X (@NortonSupport) but complete silence, no reaction at all.