UPDATE: This issue has been added to the support article: https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message#w_avast-and-avg-security-products

Hi brown192, reports of this error have increased lately, and also that it can be intermittent. This is puzzling.

When you reload bypassing the cache does that make any difference? You can use either:

• Ctrl+Shift+r
• Shift+reload button

Alternately, you could test in a private window, which doesn't share cache or cookies with regular windows.

The only workaround I've seen mentioned so far was to turn off support for the newest and most secure connection protocol, TLS 1.3. Perhaps some sites or some intermediaries (security filters?) return data to Firefox that it finds invalid when this is enabled (TBD). To try that:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste TLS and pause while the list is filtered

(3) Double-click the security.tls.version.max preference to display a dialog where you can edit the value from 4 to 3 (or in other words, from TLS 1.3 to TLS 1.2). Then click OK.

If you reload the problem page, will it connect?

If you discover sites that respond to that workaround, could you share the URLs? Someone needs to study them and see what's going on.

i would try to disable avast from meddling with ssl connections like described in How to troubleshoot security error codes on secure websites

Currently misbehaving site for me: gmail.com

Bypassing cache and loading in private window both attempted without success.

Dropping to TLS 1.2 *does* fix the problem. Tested multiple times switching back and forth. With security.tls.version.max value set to "4" gmail will not load. With value set at "3" it loads properly. I'll leave it at "3" for now and see if I happen to run into any more sites causing problems. Error has been happening for about a week, but gmail today was the first time it continued to persist beyond a few reloads.

Gmail supports TLS 1.3 (screenshot attached), so perhaps it is Avast Web Shield or a different intermediary which is causing the problem.

Perhaps. Still seems like a problem on the Firefox side given that the error doesn't occur with other browsers. I'm also not sure why switching to TLS 1.2 would fix the problem if it was from the Avast web shield, but that's well beyond my technical knowledge.

Hi brown192, I think we're all still trying to sort this out.

When you have a "man in the middle" like a security filter or proxy server, there actually are two connections: one from Firefox to the intermediary, and one from the intermediary to the website. They could use different protocols, different ciphers, etc.

Maybe I'll find an old computer I can load Avast on and see whether I noticed anything strange.

jscher2000 said

Hi brown192, reports of this error have increased lately, and also that it can be intermittent. This is puzzling. When you reload bypassing the cache does that make any difference? You can use either:

• Ctrl+Shift+r
• Shift+reload button

Alternately, you could test in a private window, which doesn't share cache or cookies with regular windows.

---

The only workaround I've seen mentioned so far was to turn off support for the newest and most secure connection protocol, TLS 1.3. Perhaps some sites or some intermediaries (security filters?) return data to Firefox that it finds invalid when this is enabled (TBD). To try that:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste TLS and pause while the list is filtered

(3) Double-click the security.tls.version.max preference to display a dialog where you can edit the value from 4 to 3 (or in other words, from TLS 1.3 to TLS 1.2). Then click OK.

If you reload the problem page, will it connect?

If you discover sites that respond to that workaround, could you share the URLs? Someone needs to study them and see what's going on.

Hi jscher2000, you solution about tls max worked (while the cache bypass didn't). In my case I experienced that with www.google.it, simple as that. :)

web.whatsapp.com is the only site misbehaving for me.

It's happening with MS Edge, too. Haven't checked Chrome yet.

Hi foodi, it probably doesn't help, but here's how my Firefox connects to the site:

• Protocol: TLS 1.3
• Cipher: TLS_AES_128_GCM_SHA256

(As shown in the attached screenshot)

jscher2000 said

Hi foodi, it probably doesn't help, but here's how my Firefox connects to the site:

• Protocol: TLS 1.3
• Cipher: TLS_AES_128_GCM_SHA256

(As shown in the attached screenshot)

You're right! I have no idea what to do with that information :) I did try the about:config TLS version hack. No effect.

Hi foodi, do you have Avast, AVG, or any other "man in the middle" of your secure connections?

There is Sophos AV Enterprise running on all work machines. But I seem to be the only one experiencing this problem. Also, it just started yesterday.

To foodi:

This thread has been archived and closed, since it has been more than 180 days from the original post date (you posted your support request in an old, solved thread, started by someone else). See also Mozilla Support rules and guidelines.

Archived threads cannot be re-opened. If you are still having problems, please ask a new question. You can refer to this thread (/questions/1222739) for the background.