Recent answers to Getting the error "SSL_ERROR_RX_RECORD_TOO_LONG" when attempting to access multiple different sites, sometimes goes away with refresh but sometimes prersists.https://support.mozilla.org/en-US/questions/12227392018-12-29T01:15:26-08:00To foodi:
This thread has been archived and closed, since it has been more than 180 days from the 2018-12-29T01:15:26-08:00AliceWymanhttps://support.mozilla.org/en-US/questions/1222739#answer-1184836<p><strong>To foodi:</strong>
</p><p>This thread has been archived and closed, since it has been more than 180 days from the original post date (you posted your support request in an old, solved thread, started by someone else). See also <a href="/en-US/kb/mozilla-support-rules-guidelines" rel="nofollow">Mozilla Support rules and guidelines</a>.
</p><p>Archived threads cannot be re-opened. If you are still having problems, please <a href="/questions/new" rel="nofollow">ask a new question</a>. You can refer to this thread (<a href="/questions/1222739" rel="nofollow">/questions/1222739</a>) for the background.
</p>There is Sophos AV Enterprise running on all work machines. But I seem to be the only one experienci2018-12-14T03:05:08-08:00foodihttps://support.mozilla.org/en-US/questions/1222739#answer-1181203<p>There is Sophos AV Enterprise running on all work machines. But I seem to be the only one experiencing this problem. Also, it just started yesterday.
</p>Hi foodi, do you have Avast, AVG, or any other "man in the middle" of your secure connections?
2018-12-14T02:32:40-08:00jscher2000https://support.mozilla.org/en-US/questions/1222739#answer-1181187<p>Hi foodi, do you have Avast, AVG, or any other "man in the middle" of your secure connections?
</p>jscher2000 said
Hi foodi, it probably doesn't help, but here's how my Firefox connects to the site2018-12-14T02:29:20-08:00foodihttps://support.mozilla.org/en-US/questions/1222739#answer-1181184<p><em>jscher2000 <a href="#answer-1181172" rel="nofollow">said</a></em>
</p>
<blockquote>
Hi foodi, it probably doesn't help, but here's how my Firefox connects to the site:
<ul><li> Protocol: TLS 1.3
</li><li> Cipher: TLS_AES_128_GCM_SHA256
</li></ul>
(As shown in the attached screenshot)
</blockquote>
<p>You're right! I have no idea what to do with that information&nbsp;:)
I did try the about:config TLS version hack. No effect.
</p>Hi foodi, it probably doesn't help, but here's how my Firefox connects to the site:
Protocol: TLS 2018-12-14T02:04:53-08:00jscher2000https://support.mozilla.org/en-US/questions/1222739#answer-1181172<p>Hi foodi, it probably doesn't help, but here's how my Firefox connects to the site:
</p>
<ul><li> Protocol: TLS 1.3
</li><li> Cipher: TLS_AES_128_GCM_SHA256
</li></ul>
<p>(As shown in the attached screenshot)
</p>web.whatsapp.com is the only site misbehaving for me.
It's happening with MS Edge, too. Haven't che2018-12-14T01:51:59-08:00foodihttps://support.mozilla.org/en-US/questions/1222739#answer-1181159<p><strong><a href="http://web.whatsapp.com" rel="nofollow">web.whatsapp.com</a> </strong>is the only site misbehaving for me.
</p><p>It's happening with MS Edge, too. Haven't checked Chrome yet.
</p>jscher2000 said
Hi brown192, reports of this error have increased lately, and also that it can be 2018-06-27T17:38:30-07:00Ruskiehttps://support.mozilla.org/en-US/questions/1222739#answer-1127430<p><em>jscher2000 <a href="#answer-1125071" rel="nofollow">said</a></em>
</p>
<blockquote>
Hi brown192, reports of this error have increased lately, and also that it can be intermittent. This is puzzling.
When you reload <em>bypassing the cache</em> does that make any difference? You can use either:
<ul><li> Ctrl+Shift+r
</li><li> Shift+reload button
</li></ul>
Alternately, you could test in a private window, which doesn't share cache or cookies with regular windows.
<hr>
<p>The only workaround I've seen mentioned so far was to turn off support for the newest and most secure connection protocol, TLS 1.3. Perhaps some sites or some intermediaries (security filters?) return data to Firefox that it finds invalid when this is enabled (TBD). To try that:
</p><p>(1) In a new tab, type or paste <strong>about:config</strong> in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
</p><p>(2) In the search box above the list, type or paste <strong>TLS</strong> and pause while the list is filtered
</p><p>(3) Double-click the <strong>security.tls.version.max</strong> preference to display a dialog where you can edit the value from <strong>4</strong> to <strong>3</strong> (or in other words, from TLS 1.3 to TLS 1.2). Then click OK.
</p><p>If you reload the problem page, will it connect?
</p><p>If you discover sites that respond to that workaround, could you share the URLs? Someone needs to study them and see what's going on.
</p>
</blockquote>
<p>Hi jscher2000, you solution about tls max worked (while the cache bypass didn't).
In my case I experienced that with <a href="http://www.google.it" rel="nofollow">www.google.it</a>, simple as that.&nbsp;:)
</p>Hi brown192, I think we're all still trying to sort this out.
When you have a "man in the middle" li2018-06-21T07:46:24-07:00jscher2000https://support.mozilla.org/en-US/questions/1222739#answer-1125106<p>Hi brown192, I think we're all still trying to sort this out.
</p><p>When you have a "man in the middle" like a security filter or proxy server, there actually are two connections: one from Firefox to the intermediary, and one from the intermediary to the website. They could use different protocols, different ciphers, etc.
</p><p>Maybe I'll find an old computer I can load Avast on and see whether I noticed anything strange.
</p>Perhaps. Still seems like a problem on the Firefox side given that the error doesn't occur with othe2018-06-21T06:54:00-07:00brown192https://support.mozilla.org/en-US/questions/1222739#answer-1125090<p>Perhaps. Still seems like a problem on the Firefox side given that the error doesn't occur with other browsers. I'm also not sure why switching to TLS 1.2 would fix the problem if it was from the Avast web shield, but that's well beyond my technical knowledge.
</p>Gmail supports TLS 1.3 (screenshot attached), so perhaps it is Avast Web Shield or a different inter2018-06-21T06:45:08-07:00jscher2000https://support.mozilla.org/en-US/questions/1222739#answer-1125084<p>Gmail supports TLS 1.3 (screenshot attached), so perhaps it is Avast Web Shield or a different intermediary which is causing the problem.
</p>Currently misbehaving site for me: gmail.com
Bypassing cache and loading in private window both atte2018-06-21T06:35:03-07:00brown192https://support.mozilla.org/en-US/questions/1222739#answer-1125076<p>Currently misbehaving site for me: <a href="http://gmail.com" rel="nofollow">gmail.com</a>
</p><p>Bypassing cache and loading in private window both attempted without success.
</p><p>Dropping to TLS 1.2 *does* fix the problem. Tested multiple times switching back and forth. With security.tls.version.max value set to "4" gmail will not load. With value set at "3" it loads properly. I'll leave it at "3" for now and see if I happen to run into any more sites causing problems. Error has been happening for about a week, but gmail today was the first time it continued to persist beyond a few reloads.
</p>i would try to disable avast from meddling with ssl connections like described in How to troubleshoo2018-06-21T06:35:01-07:00philipphttps://support.mozilla.org/en-US/questions/1222739#answer-1125075<p>i would try to disable avast from meddling with ssl connections like described in <a href="/en-US/kb/error-codes-secure-websites" rel="nofollow">How to troubleshoot security error codes on secure websites</a>
</p>UPDATE: This issue has been added to the support article: https://support.mozilla.org/en-US/kb/secur2018-06-21T06:29:33-07:00jscher2000https://support.mozilla.org/en-US/questions/1222739#answer-1125071<p><strong>UPDATE:</strong> <em>This issue has been added to the support article:</em> <a href="https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message#w_avast-and-avg-security-products" rel="nofollow">https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message#w_avast-and-avg-security-products</a>
</p>
<hr>
<p>Hi brown192, reports of this error have increased lately, and also that it can be intermittent. This is puzzling.
</p><p>When you reload <em>bypassing the cache</em> does that make any difference? You can use either:
</p>
<ul><li> Ctrl+Shift+r
</li><li> Shift+reload button
</li></ul>
<p>Alternately, you could test in a private window, which doesn't share cache or cookies with regular windows.
</p>
<hr>
<p>The only workaround I've seen mentioned so far was to turn off support for the newest and most secure connection protocol, TLS 1.3. Perhaps some sites or some intermediaries (security filters?) return data to Firefox that it finds invalid when this is enabled (TBD). To try that:
</p><p>(1) In a new tab, type or paste <strong>about:config</strong> in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
</p><p>(2) In the search box above the list, type or paste <strong>TLS</strong> and pause while the list is filtered
</p><p>(3) Double-click the <strong>security.tls.version.max</strong> preference to display a dialog where you can edit the value from <strong>4</strong> to <strong>3</strong> (or in other words, from TLS 1.3 to TLS 1.2). Then click OK.
</p><p>If you reload the problem page, will it connect?
</p><p>If you discover sites that respond to that workaround, could you share the URLs? Someone needs to study them and see what's going on.
</p>