X
Tap here to go to the mobile version of the site.

Support Forum

Secure Connection Failed

Posted

https://forum.xcsoar.org/ has suddenly started failing to connect due to 'Secure Connection Failed' using Firefox ESR 52.1.0 (32-bit). I have accessed this site many times before and it still works from other browsers e.g. Chrome. The certificate is shown as being valid 128bit TLS1.2

https://forum.xcsoar.org/ has suddenly started failing to connect due to 'Secure Connection Failed' using Firefox ESR 52.1.0 (32-bit). I have accessed this site many times before and it still works from other browsers e.g. Chrome. The certificate is shown as being valid 128bit TLS1.2

Chosen solution

If you get "Secure connection failed" because "connection was reset" AND you have a successful SSL handshake (shown by the Page Info dialog) at the same time, then there isn't an SSL problem -- you can ignore the word "secure" because really it's "connection failed." There's some other problem, commonly the server rejecting your request for some reason, such as not getting expected information.

One thing you could try while you wait for any authoritative explanation is to use a fresh Firefox profile.

New Profile Test

This takes about 3 minutes, plus the time to test the site.

Inside Firefox, type or paste about:profiles in the address bar and press Enter/Return to load it.

Click the Create a New Profile button, then click Next. Assign a name like May2017, ignore the option to relocate the profile folder, and click the Finish button.

After creating the profile, scroll down to it and click the Set as default profile button below that profile, then scroll back up and click the Restart normally button. (There are some other buttons, but I think those are still "under construction" so please ignore them.)

Firefox should exit and then start up using the new profile, which will just look brand new.

Does the forum let you in using the new profile?

When you are done with the experiment, open the about:profiles page again, click the Set as default profile button for your normal profile, then click the Restart normally button to get back to it.

Read this answer in context 0

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 17.9.20044
  • Google Update
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.131.2 for Mozilla browsers
  • NPWLPG
  • Picasa plugin
  • Shockwave Flash 25.0 r0
  • 5.1.50905.0
  • VLC media player Web Plugin

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; rv:52.0) Gecko/20100101 Firefox/52.0

More Information

FredMcD
  • Top 10 Contributor
4246 solutions 59404 answers
I had no problem with the link. There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate. https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

Question owner

I use AVG free and have tried with that turned off. As the certificate shows as valid from within Firefox and Chrome I don't think that can be the cause. Did you try with ESR version (which I use so that I can still access a site using java)?

I use AVG free and have tried with that turned off. As the certificate shows as valid from within Firefox and Chrome I don't think that can be the cause. Did you try with ESR version (which I use so that I can still access a site using java)?

Question owner

and I have tried the various settings in the links you posted to no avail.

and I have tried the various settings in the links you posted to no avail.
FredMcD
  • Top 10 Contributor
4246 solutions 59404 answers

Many site issues can be caused by corrupt cookies or cache.

  • Clear the Cache and
  • Remove Cookies

Warning ! ! This will log you out of sites you're logged in to. You may also lose any settings for that website.

Type about:preferences<enter> in the address bar.

  • Cookies; Select Privacy. Under History, select

Firefox will Use Custom Settings. Press the button on the right side called Show Cookies. Use the search bar to look for the site. Note; There may be more than one entry. Remove All of them.

  • Cache; Select Advanced > Network. Across from

Cached Web Content, Press Clear Now.

If there is still a problem, https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode Start Firefox in Safe Mode A small dialog should appear. Click Start In Safe Mode (not Refresh). While you are in safe mode;

Type about:preferences#advanced<enter> in the address bar.

Under Advanced, Select General. Look for and turn off Use Hardware Acceleration.

Then restart. Poke around safe websites. Are there any problems?

Many site issues can be caused by corrupt cookies or cache. * Clear the Cache and * Remove Cookies '''Warning ! ! ''' This will log you out of sites you're logged in to. You may also lose any settings for that website. Type '''about:preferences'''<enter> in the address bar. * '''Cookies; ''' Select '''Privacy. ''' Under '''History, ''' select Firefox will '''Use Custom Settings. ''' Press the button on the right side called '''Show Cookies. ''' Use the search bar to look for the site. Note; There may be more than one entry. Remove '''All''' of them. * '''Cache; ''' Select '''Advanced > Network. ''' Across from '''Cached Web Content, ''' Press '''Clear Now. ''' If there is still a problem, https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode '''Start Firefox in Safe Mode''' A small dialog should appear. Click '''Start In Safe Mode''' (not Refresh). While you are in safe mode; Type '''about:preferences#advanced'''<enter> in the address bar. Under '''Advanced, ''' Select '''General. ''' Look for and turn off '''Use Hardware Acceleration. ''' Then restart. Poke around safe websites. Are there any problems?
cor-el
  • Top 10 Contributor
  • Moderator
17475 solutions 157942 answers

You can check TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 on the about:config page to see if this cipher suite is enabled.

  • security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256

You can open the about:config page via the location/address bar. You can accept the warning and click "I'll be careful" to continue.

You can check TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 on the <b>about:config</b> page to see if this cipher suite is enabled. *security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 You can open the <b>about:config</b> page via the location/address bar. You can accept the warning and click "I'll be careful" to continue. *http://kb.mozillazine.org/about:config

Modified by cor-el

Question owner

Thanks for the suggestions. I had already tried clearing cache and cookies, I have now tried safe mode and reset, still wit the same result. I dont find the security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 option under about:config. it does seem possible that the issue is the 128bit certificate, other https sites I have found seem to have 256bit certificates.

Thanks for the suggestions. I had already tried clearing cache and cookies, I have now tried safe mode and reset, still wit the same result. I dont find the security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 option under about:config. it does seem possible that the issue is the 128bit certificate, other https sites I have found seem to have 256bit certificates.
cor-el
  • Top 10 Contributor
  • Moderator
17475 solutions 157942 answers

Try to rename cert8.db in the profile folder.

You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

Try to rename cert8.db in the profile folder. You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page. *Help -> Troubleshooting Information -> Profile Directory:<br>Windows: Show Folder; Linux: Open Directory; Mac: Show in Finder *http://kb.mozillazine.org/Profile_folder_-_Firefox

Question owner

I renamed rename cert8.db, it was recreated as soon as I restarted Firefox and did not affect the issue. I can access this site from Firefox on my Android and Unix (Firefox ESR 45.4.0) machines so I think it is most likely a bug or a setting unique to the ESR version which I am using on Windows.

I renamed rename cert8.db, it was recreated as soon as I restarted Firefox and did not affect the issue. I can access this site from Firefox on my Android and Unix (Firefox ESR 45.4.0) machines so I think it is most likely a bug or a setting unique to the ESR version which I am using on Windows.
jscher2000
  • Top 10 Contributor
8695 solutions 71066 answers

Does the error page give an explanation for the problem? Usually if there is no matching cipher, that will be stated explicitly. If that isn't there, it may be something else completely. You could copy/paste the whole paragraph into a reply.

There is a different kind of error page that has an Advanced button. if you see that one, clicking the button will provide more technical details about the issue.

Does the error page give an explanation for the problem? Usually if there is no matching cipher, that will be stated explicitly. If that isn't there, it may be something else completely. You could copy/paste the whole paragraph into a reply. There is a different kind of error page that has an Advanced button. if you see that one, clicking the button will provide more technical details about the issue.

Helpful Reply

This is the screen and the dialogue shown by selecting the certificate

This is the screen and the dialogue shown by selecting the certificate
cor-el
  • Top 10 Contributor
  • Moderator
17475 solutions 157942 answers

Do a malware check with several malware scanning programs on the Windows computer.

Please scan with all programs because each program detects different malware. All these programs have free versions.

Make sure you update each program to get the latest version of their databases before doing a scan.

You can also do a check for a rootkit infection with TDSSKiller.

See also:

Do a malware check with several malware scanning programs on the Windows computer. *https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware Please scan with all programs because each program detects different malware. All these programs have free versions. Make sure you update each program to get the latest version of their databases before doing a scan. *Malwarebytes' Anti-Malware:<br>http://www.malwarebytes.org/mbam.php *AdwCleaner:<br>http://www.bleepingcomputer.com/download/adwcleaner/<br>http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml *SuperAntispyware:<br>http://www.superantispyware.com/ *Microsoft Safety Scanner:<br>http://www.microsoft.com/security/scanner/en-us/default.aspx *Windows Defender:<br>http://windows.microsoft.com/en-us/windows/using-defender *Spybot Search & Destroy:<br>http://www.safer-networking.org/en/index.html *Kasperky Free Security Scan:<br>http://www.kaspersky.com/security-scan You can also do a check for a rootkit infection with TDSSKiller. *Anti-rootkit utility TDSSKiller:<br>http://support.kaspersky.com/5350?el=88446 See also: *"Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked

Question owner

Could you explain why malware would only affect connection to one site which can be accessed from other browsers? I do use antivirus software and often scan with different software. Using all those listed would take a while so I would like to understand the logic

Could you explain why malware would only affect connection to one site which can be accessed from other browsers? I do use antivirus software and often scan with different software. Using all those listed would take a while so I would like to understand the logic
cor-el
  • Top 10 Contributor
  • Moderator
17475 solutions 157942 answers

There are two possible causes. Either the website server is blocking you (your IP) for some reason or there is something on your computer that is blocking it since we can't replicate this issue and can connect to the website. The former you can test with a VPN or anonymous proxy that you would have to trust if you need to login.

There are two possible causes. Either the website server is blocking you (your IP) for some reason or there is something on your computer that is blocking it since we can't replicate this issue and can connect to the website. The former you can test with a VPN or anonymous proxy that you would have to trust if you need to login.
jscher2000
  • Top 10 Contributor
8695 solutions 71066 answers

guycorbett said

This is the screen and the dialogue shown by selecting the certificate

Hmm, how did you get the Page Info dialog if Firefox cannot connect to the site? Is it an intermittent error where you can reload to get the page or get some parts of the site but not others?

''guycorbett [[#answer-965648|said]]'' <blockquote> This is the screen and the dialogue shown by selecting the certificate </blockquote> Hmm, how did you get the Page Info dialog if Firefox cannot connect to the site? Is it an intermittent error where you can reload to get the page or get some parts of the site but not others?

Question owner

It is not intermittent it happens every time. The fact that I can connect with Chrome shows to me that the isue is with Firefox rather than my PC. As far as I can tell no one else here has tried to replicate with the ESR version of Firefox. I am busy elsewhere today but I think my next step has to be uninstalling ESR and trying with the ordinary version

It is not intermittent it happens every time. The fact that I can connect with Chrome shows to me that the isue is with Firefox rather than my PC. As far as I can tell no one else here has tried to replicate with the ESR version of Firefox. I am busy elsewhere today but I think my next step has to be uninstalling ESR and trying with the ordinary version
jscher2000
  • Top 10 Contributor
8695 solutions 71066 answers

Chosen Solution

If you get "Secure connection failed" because "connection was reset" AND you have a successful SSL handshake (shown by the Page Info dialog) at the same time, then there isn't an SSL problem -- you can ignore the word "secure" because really it's "connection failed." There's some other problem, commonly the server rejecting your request for some reason, such as not getting expected information.

One thing you could try while you wait for any authoritative explanation is to use a fresh Firefox profile.

New Profile Test

This takes about 3 minutes, plus the time to test the site.

Inside Firefox, type or paste about:profiles in the address bar and press Enter/Return to load it.

Click the Create a New Profile button, then click Next. Assign a name like May2017, ignore the option to relocate the profile folder, and click the Finish button.

After creating the profile, scroll down to it and click the Set as default profile button below that profile, then scroll back up and click the Restart normally button. (There are some other buttons, but I think those are still "under construction" so please ignore them.)

Firefox should exit and then start up using the new profile, which will just look brand new.

Does the forum let you in using the new profile?

When you are done with the experiment, open the about:profiles page again, click the Set as default profile button for your normal profile, then click the Restart normally button to get back to it.

If you get "Secure connection failed" because "connection was reset" AND you have a successful SSL handshake (shown by the Page Info dialog) at the same time, then there isn't an SSL problem -- you can ignore the word "secure" because really it's "connection failed." There's some other problem, commonly the server rejecting your request for some reason, such as not getting expected information. One thing you could try while you wait for any authoritative explanation is to use a fresh Firefox profile. '''New Profile Test''' This takes about 3 minutes, plus the time to test the site. Inside Firefox, type or paste '''about:profiles''' in the address bar and press Enter/Return to load it. Click the Create a New Profile button, then click Next. Assign a name like May2017, ignore the option to relocate the profile folder, and click the Finish button. After creating the profile, scroll down to it and click the '''Set as default profile''' button below that profile, then scroll back up and click the '''Restart normally''' button. (There are some other buttons, but I think those are still "under construction" so please ignore them.) Firefox should exit and then start up using the new profile, which will just look brand new. ''Does the forum let you in using the new profile?'' When you are done with the experiment, open the about:profiles page again, click the '''Set as default profile''' button for your normal profile, then click the '''Restart normally''' button to get back to it.

Question owner

Before I read your post about the profile, I updated to the non ESR version which fixed the issue. I then reinstalled the ESR version and it still works. Perhaps that recreated the profile or maybe an update had not applied properly. Either way the fix was basically uninstall and reinstall Firefox. Thanks for all the suggestions.

Before I read your post about the profile, I updated to the non ESR version which fixed the issue. I then reinstalled the ESR version and it still works. Perhaps that recreated the profile or maybe an update had not applied properly. Either way the fix was basically uninstall and reinstall Firefox. Thanks for all the suggestions.