X
Tap here to go to the mobile version of the site.

Support Forum

"Secure Connection Failed" occurring on growing number of sites, v40.0.2

Posted

I'm on a Mac network and many of us are getting "Secure Connection Failed: The page your are trying to view cannot be shown because the authenticity of the received data could not be verified." This number of sites displaying this error is increasing. It was just Wikipedia.org at first, but now I cannot even access Mozilla.org! I have tried virtually all of the solutions that have worked for others to no avail, including:

- Uninstalling Firefox and installing version 40.0.2

- setting "security.tls.version.fallback-limit" to 0 or 1

- setting "security.tls.version.max" to 0 or 1

- disabling "security.ssl3.dhe_rsa_aes_128_sha" and "security.ssl3.dhe_rsa_aes_256_sha"

- Uninstalling and creating a new profile

- Verifying no plugins or add-ons are causing the issue

- Refreshing Firefox

And probably others that I cannot recall. I wish I could post more browser details, but can't because I can't get on Mozilla with Firefox. Please help and many thanks!

I'm on a Mac network and many of us are getting "Secure Connection Failed: The page your are trying to view cannot be shown because the authenticity of the received data could not be verified." This number of sites displaying this error is increasing. It was just Wikipedia.org at first, but now I cannot even access Mozilla.org! I have tried virtually all of the solutions that have worked for others to no avail, including: - Uninstalling Firefox and installing version 40.0.2 - setting "security.tls.version.fallback-limit" to 0 or 1 - setting "security.tls.version.max" to 0 or 1 - disabling "security.ssl3.dhe_rsa_aes_128_sha" and "security.ssl3.dhe_rsa_aes_256_sha" - Uninstalling and creating a new profile - Verifying no plugins or add-ons are causing the issue - Refreshing Firefox And probably others that I cannot recall. I wish I could post more browser details, but can't because I can't get on Mozilla with Firefox. Please help and many thanks!

Modified by k.turner619

Chosen solution

Which site gives you inappropriate fallback alert -- the main www (https://www.mozilla.org/) or this support site? Or is this only a problem when using a partial domain that redirects, such as https://mozilla.org/?

Both this site and the www site use TLS 1.2, so Firefox does not need to fall back to TLS 1.0 in either case. Also, Firefox should have no problems connection to Wikipedia.

It sounds as though you are not making a direct connection, that there is a proxy server or something else in between you and the site, or malware.

If this is common across your network, it could be a shared proxy or something wrong with the router/firewall.

Read this answer in context 0

Additional System Details

Installed Plug-ins

Flip4Mac Window Media Plugin Google Earth Plug-in Java Applet Plug-in QuickTime Plug-in 7.7.1 OpenH264 Video Codec provided by Cisco Systems, Inc.

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; SLCC1; InfoPath.3; rv:11.0) like Gecko

More Information

jscher2000
  • Top 10 Contributor
8786 solutions 71864 answers

I'm sure you've read about checking the system clock: certificate validity checks are affected by any error in date, time, or time zone, and sometimes allowing computers to use an internet-based time source can introduce errors.

Assuming that isn't the problem... Does the untrusted connection error page show a code in parentheses (separated_by_underscore_characters)? Sometimes you need to expand a Technical Details section of the page to see the code.

Among Mac users recently, a common code is sec_error_bad_signature and the most frequent reason for getting that seems to be the Avast Web Shield. Web Shield intercepts your browsing and filters it, but to filter secure sites, it presents "fake" certificates to Firefox. Avast should have set up Firefox to trust its fake certificates but that seems to fail on a regular basis.

To test this theory, try turning off scanning of encrypted sites. I saw these steps in another post (hopefully they are applicable to Mac):

  1. Open the Avast dashboard on the affected system.
  2. Select Settings from the left sidebar menu.
  3. Switch to Active Protection.
  4. Click on Customize next to Web Shield.
  5. Uncheck the "Enable HTTPS Scanning" option and click ok

If that resolves the issue, but you prefer to filter encrypted communications, you may need to import the Avast! signing certficate into Firefox's Certificate Manager, Authorities tab.

I'm sure you've read about checking the system clock: certificate validity checks are affected by any error in date, time, or time zone, and sometimes allowing computers to use an internet-based time source can introduce errors. Assuming that isn't the problem... Does the untrusted connection error page show a code in parentheses (separated_by_underscore_characters)? Sometimes you need to expand a Technical Details section of the page to see the code. Among Mac users recently, a common code is '''sec_error_bad_signature''' and the most frequent reason for getting that seems to be the Avast Web Shield. Web Shield intercepts your browsing and filters it, but to filter secure sites, it presents "fake" certificates to Firefox. Avast should have set up Firefox to trust its fake certificates but that seems to fail on a regular basis. To test this theory, try turning off scanning of encrypted sites. I saw these steps in another post (hopefully they are applicable to Mac): #Open the Avast dashboard on the affected system. #Select Settings from the left sidebar menu. #Switch to Active Protection. #Click on Customize next to Web Shield. #Uncheck the "Enable HTTPS Scanning" option and click ok If that resolves the issue, but you prefer to filter encrypted communications, you may need to import the Avast! signing certficate into Firefox's Certificate Manager, Authorities tab.

Question owner

My system clock was not the proper time zone, but changing it hasn't proved successful. I wonder if it is clock-related, however, because I've also been unable to download add-ons and have read an error in the system clock causes add-on errors as well.

Firefox isn't displaying an error code with v40, but previous versions said "(Error code: ssl_error_no_cypher_overlap)."

Finally, I don't have Avast Web Shield installed on my computer, so that program shouldn't be causing any errors for me. Thank you for the timely response, though! I really appreciate it.

My system clock was not the proper time zone, but changing it hasn't proved successful. I wonder if it is clock-related, however, because I've also been unable to download add-ons and have read an error in the system clock causes add-on errors as well. Firefox isn't displaying an error code with v40, but previous versions said "(Error code: ssl_error_no_cypher_overlap)." Finally, I don't have Avast Web Shield installed on my computer, so that program shouldn't be causing any errors for me. Thank you for the timely response, though! I really appreciate it.
jscher2000
  • Top 10 Contributor
8786 solutions 71864 answers

I suggest undoing the change to "security.tls.version.max" if you haven't already. You don't want to force obsolete connection security if that doesn't help.

We really need some kind of error code to understand why you are getting this error. If you cant find it in the page as displayed, or in a Technical Details section that you can expand, perhaps you can find it in the Browser Console. You can open the Browser Console from the menu under "Developer", then click the Clear button to declutter the console, then try to load the problem site again and check for error messages in the console to see whether there is any detail there.

I suggest undoing the change to "security.tls.version.max" if you haven't already. You don't want to force obsolete connection security if that doesn't help. We really need some kind of error code to understand why you are getting this error. If you cant find it in the page as displayed, or in a Technical Details section that you can expand, perhaps you can find it in the Browser Console. You can open the Browser Console from the menu under "Developer", then click the Clear button to declutter the console, then try to load the problem site again and check for error messages in the console to see whether there is any detail there.

Question owner

I changed the "security" line back to default. I've attached the messages I get when trying to access Wikipedia.org

I changed the "security" line back to default. I've attached the messages I get when trying to access Wikipedia.org
jscher2000
  • Top 10 Contributor
8786 solutions 71864 answers

Unfortunately, the console didn't mention an SSL certificate error.

Is there any error code on my test page here: https://jeffersonscher.com/res/jstest.php

Unfortunately, the console didn't mention an SSL certificate error. Is there any error code on my test page here: https://jeffersonscher.com/res/jstest.php

Helpful Reply

I tested your page on a co-worker's machine, so the version is 29 not 40. No error messages were reported, but two lines were in red.

Data from HTTP Headers - browser "user agent" string: Mozilla/5.0 (Macintosh; Intel Mac OS x 10.7; rv:29.0) Gecko/20100101 Firefox/29.0

and

JavaScript Browser Tests navigator.userAgent = Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:29.0) Gecko/20100101 Firefox/29.0

Other than these two red lines, everything else was fine.

I tested your page on a co-worker's machine, so the version is 29 not 40. No error messages were reported, but two lines were in red. Data from HTTP Headers - browser "user agent" string: Mozilla/5.0 (Macintosh; Intel Mac OS x 10.7; rv:29.0) Gecko/20100101 Firefox/29.0 and JavaScript Browser Tests navigator.userAgent = Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:29.0) Gecko/20100101 Firefox/29.0 Other than these two red lines, everything else was fine.

Helpful Reply

Interesting note: I am able to access Mozilla.org with v29, but get the "secure connection failed" when updated to v40.

Interesting note: I am able to access Mozilla.org with v29, but get the "secure connection failed" when updated to v40.
jscher2000
  • Top 10 Contributor
8786 solutions 71864 answers

The lines in red on my test page are always red. What I meant was, can you get a certificate error on that page with your Firefox that doesn't like secure sites so that you can get a specific error code that might help explain what's going on.

Or can you get the error code from a page on mozilla.org?

The lines in red on my test page are always red. What I meant was, can you get a certificate error on that page with ''your'' Firefox that doesn't like secure sites so that you can get a specific error code that might help explain what's going on. Or can you get the error code from a page on mozilla.org?

Question owner

I cannot generate a certificate error from your page with my Firefox. I also get the same error message with Mozilla.org, showing "Secure Connection failed" with v40. With v29, the error message from Wikipedia shows "error code: ssl_error_no_cypher_overlap"

I cannot generate a certificate error from your page with my Firefox. I also get the same error message with Mozilla.org, showing "Secure Connection failed" with v40. With v29, the error message from Wikipedia shows "error code: ssl_error_no_cypher_overlap"

Question owner

Ah, I tried adding Mozilla.org to my tls.insecure_fallback_hosts and got this error message when trying to access Mozilla.org again: "The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. (Error code: ssl_error_inappropriate_fallback_alert)."

So it is not using the incorrect tls version it seems.

Ah, I tried adding Mozilla.org to my tls.insecure_fallback_hosts and got this error message when trying to access Mozilla.org again: "The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. (Error code: ssl_error_inappropriate_fallback_alert)." So it is not using the incorrect tls version it seems.

Modified by k.turner619

jscher2000
  • Top 10 Contributor
8786 solutions 71864 answers

Chosen Solution

Which site gives you inappropriate fallback alert -- the main www (https://www.mozilla.org/) or this support site? Or is this only a problem when using a partial domain that redirects, such as https://mozilla.org/?

Both this site and the www site use TLS 1.2, so Firefox does not need to fall back to TLS 1.0 in either case. Also, Firefox should have no problems connection to Wikipedia.

It sounds as though you are not making a direct connection, that there is a proxy server or something else in between you and the site, or malware.

If this is common across your network, it could be a shared proxy or something wrong with the router/firewall.

Which site gives you inappropriate fallback alert -- the main www ([https://www.mozilla.org/]) or this support site? Or is this only a problem when using a partial domain that redirects, such as [https://mozilla.org/]? Both this site and the www site use TLS 1.2, so Firefox does not need to fall back to TLS 1.0 in either case. Also, Firefox should have no problems connection to Wikipedia. It sounds as though you are not making a direct connection, that there is a proxy server or something else in between you and the site, or malware. If this is common across your network, it could be a shared proxy or something wrong with the router/firewall.

Question owner

Both Mozilla sites fail. I have my folks checking out the firewall now. Thanks for all of your help!

Both Mozilla sites fail. I have my folks checking out the firewall now. Thanks for all of your help!

Question owner

The firewall was the issue. We had it fixed and can access our sites as normally now. Thank you!

The firewall was the issue. We had it fixed and can access our sites as normally now. Thank you!
ChrisG 2 solutions 39 answers

Using 10.6.8 and FF 44.0.2.

I have had this problem for months. Through all FF versions. I use Sophos for antivirus. My clock date and time are exactly correct. This happens intermittently but frequently; several times a day. The same problem happens on my laptop, running Yosomite, so it is not related to an old Mac operating system.

The first time I clicked on jscher2000's link above (post 9/3 at 4:16pm), the Secure Connection Failed (image below). And as with EVERY other site I have had this (or The Connection was Reset) problem, refresh caused the page to load normally.

Attached also is a Secure Connection Failed at amazon.com, and the last one is The Connection was Reset at weather.gov.

As the images show, there is no other error code or message. I am a home user, not a power user, and I'm connected only to the household network. My firewall has been on for 5+ years, 4.75 of which I had no problem. Don't I need the firewall for Internet security? If I did disable it, then my connection would be insecure? I don't see that as a solution, and I have no IT person to change or replace it.

Using 10.6.8 and FF 44.0.2. I have had this problem for months. Through all FF versions. I use Sophos for antivirus. My clock date and time are exactly correct. This happens intermittently but frequently; several times a day. The same problem happens on my laptop, running Yosomite, so it is not related to an old Mac operating system. The first time I clicked on jscher2000's link above (post 9/3 at 4:16pm), the Secure Connection Failed (image below). And as with EVERY other site I have had this (or The Connection was Reset) problem, refresh caused the page to load normally. Attached also is a Secure Connection Failed at amazon.com, and the last one is The Connection was Reset at weather.gov. As the images show, there is no other error code or message. I am a home user, not a power user, and I'm connected only to the household network. My firewall has been on for 5+ years, 4.75 of which I had no problem. Don't I need the firewall for Internet security? If I did disable it, then my connection would be insecure? I don't see that as a solution, and I have no IT person to change or replace it.

Modified by ChrisG

jscher2000
  • Top 10 Contributor
8786 solutions 71864 answers

Hi cglenn, if I understand you correctly, you get an error page on the first try, but if you reload the page (Command+r or the reload button) then you get right in. I'm pretty sure this is a different issue than the one suffered by the original poster. Can you start a new thread including your Firefox configuration data?

https://support.mozilla.org/questions/new/desktop/fix-problems

As always, scroll down past the suggested articles to continue with the form.

Hi cglenn, if I understand you correctly, you get an error page on the first try, but if you reload the page (Command+r or the reload button) then you get right in. I'm pretty sure this is a different issue than the one suffered by the original poster. Can you start a new thread including your Firefox configuration data? https://support.mozilla.org/questions/new/desktop/fix-problems As always, scroll down past the suggested articles to continue with the form.
cor-el
  • Top 10 Contributor
  • Moderator
17569 solutions 158913 answers

Did you check the date and time on your computer?

Did you check the date and time on your computer?
ChrisG 2 solutions 39 answers

I am not a power user. I can't find out how to start a new thread. Above, near the top, are hot links:

Home Support Forum Firefox "Secure Connection Failed" occurring on ...

But when I click up one level, when I click on Firefox, I'm sent to a page that lists 39 issues but does not have any New Thread or Post link.

jscher2000 said: "As always, scroll down past the suggested articles to continue with the form." Huh? At the bottom the page are the global links, and if I click on Firefox, I'm back in the no-post-thread loop just described.

Also, because I'm not a power user, I had so much difficulty setting up my ad-ons that I'd would rather live with this problem than try to reinstall them.

Anyway, I have not added any adons since the problem started. I have adblock plus, autofil forms, dstocks, theme and font size changer, and toolbar buttons (has not worked since V43).

I figured out how to do the health report, but I don't know how this info can help:

   version44.0.2
   update channelrelease
   updates prompt

This Month

   total sessions18
   time open7 days
   application crashes0
   plugin crashes0

Active Add-ons

   Extensions5
   Plugins3
   Plugins (Click-to-Activate)
I am not a power user. I can't find out how to start a new thread. Above, near the top, are hot links: Home Support Forum Firefox "Secure Connection Failed" occurring on ... But when I click up one level, when I click on Firefox, I'm sent to a page that lists 39 issues but does not have any New Thread or Post link. jscher2000 said: "As always, scroll down past the suggested articles to continue with the form." Huh? At the bottom the page are the global links, and if I click on Firefox, I'm back in the no-post-thread loop just described. Also, because I'm not a power user, I had so much difficulty setting up my ad-ons that I'd would rather live with this problem than try to reinstall them. Anyway, I have not added any adons since the problem started. I have adblock plus, autofil forms, dstocks, theme and font size changer, and toolbar buttons (has not worked since V43). I figured out how to do the health report, but I don't know how this info can help: version44.0.2 update channelrelease updates prompt This Month total sessions18 time open7 days application crashes0 plugin crashes0 Active Add-ons Extensions5 Plugins3 Plugins (Click-to-Activate)
jscher2000
  • Top 10 Contributor
8786 solutions 71864 answers

cglenn said

I am not a power user. I can't find out how to start a new thread.

Your profile shows you posted 4 questions in the past. Anyway, use the link from my post:

https://support.mozilla.org/questions/new/desktop/fix-problems

''cglenn [[#answer-844855|said]]'' <blockquote> I am not a power user. I can't find out how to start a new thread. </blockquote> Your profile shows you posted 4 questions in the past. Anyway, use the link from my post: https://support.mozilla.org/questions/new/desktop/fix-problems
ChrisG 2 solutions 39 answers

Thanks. I forgot I had to ask a question before I could see the new thread button. Not logical for old timers :( .

I started the new thread at https://support.mozilla.org/en-US/questions/1110204

Thanks. I forgot I had to ask a question before I could see the new thread button. Not logical for old timers :( . I started the new thread at https://support.mozilla.org/en-US/questions/1110204