Firefox Community Forum

For the past few days almost every site I try to visit gets the error:

Secure Connection Failed An error occurred during a connection to.... SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

this has happened on and off in the past for one or two sites but usually fixes itself within a day or less but this time it's been days. I tried everything I've seen online: -Try without add ons, - I am using 'system settings' proxy, -Followed an 8-yr-old suggestion of switching security.tls.version.max from 4 to 3 -My AV doesn't have HTTPS scanning that I can disable -It doesn't allow me to toggle the 'enhanced tracking is on' in the address bar -I've tried adding a site as an exception to DNS over HTTPS and turning Enable DNS over HTTPS off

Nothing has helped. These are all sites I've used in the past. I am using Nightly v150 at the moment but obviously same situation with FF or R3dfox.

If anyone can suggest how to bypass this so I don't have to use Edge/Chrome/Supermium (which all display these sites without issue) I'd appreciate it so much!

(*I'm looking for help with THIS issue on a W7 laptop, not about whether I should upgrade the OS.)

Thanks.

I would like to understand how DNS over HTTPS impacts browsing speed and privacy in Firefox.

Details: Hello everyone,

I am currently exploring Firefox privacy and network settings, especially DNS over HTTPS (DoH). I noticed that enabling this feature slightly changes website loading behavior on some networks.

I would like to ask:

Does DNS over HTTPS introduce additional latency? Are there performance differences between providers? Can corporate or public Wi-Fi networks interfere with DoH requests? Is there a recommended configuration for balancing privacy and performance?

I’m interested in both technical explanations and real-world experiences from Firefox users.

Thank you.

Hello,

I have been testing all browsers I use (Firefox, Chrome, Edge) on Cloudflare Post-Quantum Key Agreement to verify PQC support. They all support the X25519MLKEM768 hybrid scheme (i.e. Cloudflare web page returns "You are using X25519MLKEM768 which is post-quantum secure").

The issue: When I run the test in Firefox multiple times by doing repeated hard refreshes (Ctrl+Shift+R), quite often the result is "You are using X25519 which is not post-quantum secure". Sometimes the very first run after opening Firefox gives the X25519 (failing) result. "Often" varies. Sometimes it's around 10 fails out of 50 tests, other times it's 1 out of 50. It seems random.

I have read that sometimes networking equipment or even ISPs can be the cause of PQC requests falling back to non-PQC due to the long keys in PQC, but I do not see this intermittent issue with Chrome or Edge on the same computer/network/ISP as Firefox. I have not seen a single failure so far on those two browsers. The only variable I am aware of is the web browser.

I also tried connecting to a cellular hotspot as well as disabling my Norton 360 firewall and the results are the same as above.

Looking for help to resolve this issue. Thanks.

Hi, I'm using a policie file to force a family-dns. Ive written the current code down below. Unfortunately this leaves the "manage exeption"-button open, where its possible to simply bypass the block for a specific site. Is there a way to lock this button in the policie file? Thank you very much. {

 "policies": {
   "DNSOverHTTPS": {
     "Enabled": true,
     "Locked": true,
     "ProviderURL": "https://doh16.jusprogdns.com/dns-query"
   },
   "Preferences": {
     "network.trr.mode": {
       "Value": 3,
       "Status": "locked"
     }
   }
 }

}

Using FF 140.10.1 esr on a windows pc I noticed (probably long after the fact and numerous updates) that there's no longer https:// in the address bar. Having some recent issues with security made me look for this.

When I switched to Edge, the https:// was in the adddresses I was using. There is a lock symbol, but the locks seem to change in their appearance from one browser or website to the next.

Was this verification sign removed and, if so, why?  

Thank you.

Recently I set up mTLS on my admin endpoint. I tried entering it as an API on the other website, and in Firefox it wouldn't work. But if I'd try to access endpoint directly it would work, and even save my certificate choice. In Chrome, everything works just fine with both direct and API access. It is not a problem of a website, nor the problem of the OPTIONS preflight, since both of those are configured correctly on my nginx.

Dear Mozilla Team,

I kindly ask you to add support for the X25519MLKEM768 hybrid post-quantum key exchange to the domain detectportal.firefox.com (the URL used by Firefox connection testing). This small change would significantly strengthen privacy protection for millions of users who rely on Firefox's connection test URL. As you know, this mechanism has already been successfully implemented on almost all of your other domains. Extending the same protection to detectportal.firefox.com would ensure consistency and close the remaining gap. Thank you very much for your ongoing work on privacy and post-quantum cryptography. I would greatly appreciate your attention to this request. Best regards, Anonymous

Hi there.

Since quite a while Firefox is trying to enhance our browsing security by "upgrading" connections from "http" to "https." This may generally be a good idea, but it is literally driving me crazy at the moment because it also does so for "internal" sites I host within my LAN (such as my "Home Assistant" instance or a Zigbee coordinator, accessible via its own hostname and web UI). However, these connections will fail, because I don't have certificates for my internal hosts, and thus there is no "https" listener. :-(

(I use my own subdomain "<host>.city.internal.example.org" internally, so Firefox may be confused?)

I feel this behavior has become "more aggressive" within the last few days, so maybe it is due to a Firefox update?

Is there a bullet-proof way to prevent Firefox from doing so?

I've already set the below options to false: - dom.security.https_first - dom.security.https_first_for_custom_ports - dom.security.https_first_for_local_addresses - dom.security.https_first_for_unknown_suffixes - dom.security.https_first_pbm - dom.security.https_first_schemeless - dom.security.https_only_mode - dom.security.https_only_mode.upgrade_local - dom.security.https_only_mode_pbm

Help, please!

I'm close to abandoning Firefox in favor of a different browser, because at the moment it's close to being unusable for me anymore... :-(

Kind regards,

Ralf

I've disabled HTTPS only mode. When i enter a local http://server.localdomain server Firefox upgrades that to https://server.localdomain. How do I disable that?

Hello Folks, I just importeda a new certificate. Then I wanted to save all my certificates for backup. Selecting "Backup all...", I neter a secure password and click ok just to get the following error message: Failed to create the PKCS #12 backup file for unknown reasons the only button is "OK"

How can I start finding out what is going on and is there any means to save my certificates?

Using firefox 148, when I select the "CIRA Canadian shield" DNS over HTTPS option it does not work. If I select the other 2 options Cloudflare or NextDNS those options work.

What is the problem with DOH for CIRA option ?

1. 1. Резюме выделенного

1. 1. 1. Общее

Выделенный фрагмент содержит **цепочку из трёх X.509 TLS-сертификатов** (формат PEM), а также временну́ю метку **«5–7 минут»** (вероятно, срок действия или контекст страницы).

---

1. 1. 1. Сертификат 1 — Конечный (End-Entity)

- **Субъект:** `accounts.firefox.com` - **Выдан:** Let's Encrypt (R13) - **Действителен:** 15.02.2026 — 16.05.2026 - **Тип:** TLS-сертификат сервера (Domain Validated) - **Алгоритм:** RSA 2048 / SHA-256

---

1. 1. 1. Сертификат 2 — Промежуточный (Intermediate CA)

- **Субъект:** `R13` (Let's Encrypt) - **Выдан:** ISRG Root X1 - **Действителен:** 13.03.2024 — 12.03.2027 - **Назначение:** Подпись конечных сертификатов Let's Encrypt

---

1. 1. 1. Сертификат 3 — Корневой (Root CA)

- **Субъект:** `ISRG Root X1` (Internet Security Research Group) - **Действителен:** 04.06.2015 — 04.06.2035 - **Назначение:** Доверенный корневой центр сертификации; самоподписанный

---

1. 1. 1. Итог

Полная цепочка доверия: `accounts.firefox.com` → `Let's Encrypt R13` → `ISRG Root X1`

Secure Connection Failed

An error occurred during a connection to chatgpt.com. Cannot communicate securely with peer: no common encryption algorithm(s).

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Learn more… this is what it says when i try to access

My broadband router set ip address is not secure as it's HTTP What is the solution to able me to access my home router via Wifi in the same location of course which is at home?

Hello everyone,

I am using Firefox latest release (eg 145.0.1).

At https://developers.cloudflare.com/ssl/post-quantum-cryptography/pqc-support/ , it seems that X25519MLKEM768 is supported since Firefox 132. Do you confirm ?

I ask this question because when I am connecting to https://pq.cloudflareresearch.com/ and activate the network tab before reaching this URL, and looked at the security tab on the right bottom panel, as you can see in the screenshot attached, in the Exchange group keys, I see x25519 and not x25519mlkem768 meaning that Firefox is not PQC ready for key establishment :-(

Best Regards.

Hi, I used to see the HTTPS designation in the Firefox address bar, but no longer see it lately. It does appear in the Edge address bar.

I do appreciate your help.

My mobile package site shows mixed-content warnings on Firefox — how can I fix this? Hello everyone, I run a website, which provides information about mobile phone prices and SIM packages in Bangladesh. Recently, I noticed that when users visit some pages in Firefox, the browser shows a “mixed-content” warning or blocks certain scripts. The same pages load fine in Chrome. All my URLs use HTTPS, and I’m using a LiteSpeed server with Cloudflare CDN. Could this issue be related to how Firefox handles external resources (like embedded operator banners or analytics scripts)? What’s the best way to debug and fix mixed-content problems in Firefox Developer Tools? Any detailed guidance or best practices would be greatly appreciated. Thanks in advance!