X
Tap here to go to the mobile version of the site.

Support Forum

This thread was closed and archived. Please ask a new question if you need help.

ssl_error_bad_mac_read error on credit card payment

Posted

I'm trying to process a credit card payment for Norwegian Airlines. When taking me to the Verified by Visa page on my credit card account ( https://www.vpv.scddesjardins.com/ ) I get the secured connection failed page: "An error occurred during a connection to www.vpv.scddesjardins.com. SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read) " Their server seems to be still running SSL 3.0 and some other terrible things, but on another website I had this issue I got a different error message. Should I be contacting my credit card company, and if so what should I be asking them to do? I can't give a public page, obviously, and though I tried to test it on Chrome, they're charging me 7 EUR more for the flight on Chrome than Firefox (just another reason to use FF!).

I'm trying to process a credit card payment for Norwegian Airlines. When taking me to the Verified by Visa page on my credit card account ( https://www.vpv.scddesjardins.com/ ) I get the secured connection failed page: "An error occurred during a connection to www.vpv.scddesjardins.com. SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read) " Their server seems to be still running SSL 3.0 and some other terrible things, but on another website I had this issue I got a different error message. Should I be contacting my credit card company, and if so what should I be asking them to do? I can't give a public page, obviously, and though I tried to test it on Chrome, they're charging me 7 EUR more for the flight on Chrome than Firefox (just another reason to use FF!).

Chosen solution

Or maybe...

When I test that site in Chrome, it says the site uses TLS 1.0, an older version of the SSL standard that Firefox 37 no longer treats as secure. This is a change from Firefox 36.

You can make a site-specific exception for the problem server so Firefox allows TLS 1.0:

Here's how:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those. In this case: www.vpv.scddesjardins.com

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

When you reload that site, Firefox 37 should display the site (of course, I can't test without the full URL).

Read this answer in context 19

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 11.0.10
  • GEPlugin
  • Version 5.40.2.0
  • Google Update
  • Intel web components updater - Installs and updates the Intel web components
  • Intel web components for Intel® Identity Protection Technology
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.40.2 for Mozilla browsers
  • Shockwave Flash 17.0 r0
  • 5.1.30514.0
  • VLC media player Web Plugin
  • iTunes Detector Plug-in

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0

More Information

jscher2000
  • Top 10 Contributor
8776 solutions 71743 answers

The error code ssl_error_bad_mac_read is somewhat rare on this forum. Past solutions may have included (sometimes it's hard to tell which suggestion helped):

  • Disabling Firefox from using IPv6 (see that topic in: Firefox can't load websites but other browsers can)
  • Checking for a proxy setting in the Options dialog: "3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button -- try "No Proxy"
  • Fixing a flaky internet connection
  • Removing some extensions (e.g., MaskMe and an old version of DoNotTrackMe)
  • Bypassing the filtering software NetNanny
The error code ssl_error_bad_mac_read is somewhat rare on this forum. Past solutions may have included (sometimes it's hard to tell which suggestion helped): * Disabling Firefox from using IPv6 (see that topic in: [[Firefox can't load websites but other browsers can]]) * Checking for a proxy setting in the Options dialog: "3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button -- try "No Proxy" * Fixing a flaky internet connection * Removing some extensions (e.g., MaskMe and an old version of DoNotTrackMe) * Bypassing the filtering software NetNanny
jscher2000
  • Top 10 Contributor
8776 solutions 71743 answers

Chosen Solution

Or maybe...

When I test that site in Chrome, it says the site uses TLS 1.0, an older version of the SSL standard that Firefox 37 no longer treats as secure. This is a change from Firefox 36.

You can make a site-specific exception for the problem server so Firefox allows TLS 1.0:

Here's how:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those. In this case: www.vpv.scddesjardins.com

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

When you reload that site, Firefox 37 should display the site (of course, I can't test without the full URL).

Or maybe... When I test that site in Chrome, it says the site uses TLS 1.0, an older version of the SSL standard that Firefox 37 no longer treats as secure. This is a change from Firefox 36. You can make a site-specific exception for the problem server so Firefox allows TLS 1.0: Here's how: (1) Copy the host name of the server address. This is the part ''between'' the https:// protocol and the next / character, and not including either of those. In this case: '''www.vpv.scddesjardins''.''com''' (2) In a new tab, type or paste '''about:config''' in the address bar and press Enter. Click the button promising to be careful. (3) In the search box above the list, type or paste '''tls''' and pause while the list is filtered (4) Double-click the '''security.tls.insecure_fallback_hosts''' preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change. When you reload that site, Firefox 37 should display the site (of course, I can't test without the full URL).

Helpful Reply

Thanks. I should say that while this workaround worked, I still yelled at the server owners for their woefully out of date and insecure server. If anyone sees this, they should not just apply the workaround and continue using insecure connections as if nothing happened, but get the administrator to update their technology by a decade or two.

Thanks. I should say that while this workaround worked, I still yelled at the server owners for their woefully out of date and insecure server. If anyone sees this, they should not just apply the workaround and continue using insecure connections as if nothing happened, but get the administrator to update their technology by a decade or two.
manjit2970 0 solutions 2 answers

at security.tls.insecure_fallback_hosts preferences I added www.onlinesbi.com, made it OK, started again firefox and checked but the the error is same i.e

"An error occurred during a connection to www.onlinesbi.com. SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)
   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem."
at security.tls.insecure_fallback_hosts preferences I added www.onlinesbi.com, made it OK, started again firefox and checked but the the error is same i.e "An error occurred during a connection to www.onlinesbi.com. SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."