secure connection failed, Restore default settings
Hi, I've been having these Secure Connection Failed (connection interrupted) errors, exclusively while browsing craigslist. A refresh almost always fixes it, but at the bottom of those error messages, it tells me my network security settings might be causing this with a button to restore default. I don't think I've ever changed any of those settings in Firefox.
My question is, what exactly would clicking the restore default settings do? What would it change? Would it lower security in my browser? Any help is appreciated!
所有回复 (8)
You can try these steps in case of issues with web pages:
You can reload web page(s) and bypass the cache to refresh possibly outdated or corrupted files.
- hold down the Shift key and left-click the Reload button
- press "Ctrl + F5" or press "Ctrl + Shift + R" (Windows,Linux)
- press "Command + Shift + R" (Mac)
Clear the cache and remove the cookies from websites that cause problems via the "3-bar" Firefox menu button (Options/Preferences).
"Clear the cache":
- Options/Preferences -> Advanced -> Network -> Cached Web Content: "Clear Now"
"Remove the cookies" from websites that cause problems.
- Options/Preferences -> Privacy -> "Use custom settings for history" -> Cookies: "Show Cookies"
Start Firefox in Safe Mode to check if one of the extensions ("3-bar" menu button or Tools -> Add-ons -> Extensions) or if hardware acceleration is causing the problem.
- switch to the DEFAULT theme: "3-bar" menu button or Tools -> Add-ons -> Appearance
- do NOT click the "Refresh Firefox" button on the Safe Mode start window
- https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode
- https://support.mozilla.org/en-US/kb/troubleshoot-extensions-themes-to-fix-problems
You can remove all data stored in Firefox from a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History -> Show All History" or "View -> Sidebar -> History").
Using "Forget About This Site" will remove all data stored in Firefox from that domain like bookmarks and history and cookies and passwords and cache and exceptions, so be cautious. If you have a password or other data from that domain that you do not want to lose then make sure to backup this data or make a note.
You can't recover from this 'forget' unless you have a backup of involved files.
If you revisit a 'forgotten' website then data from that website will be saved once again.
ffjoe said
Hi, I've been having these Secure Connection Failed (connection interrupted) errors, exclusively while browsing craigslist. A refresh almost always fixes it, but at the bottom of those error messages, it tells me my network security settings might be causing this with a button to restore default. I don't think I've ever changed any of those settings in Firefox.
By refresh I assume you mean reloading the page... you aren't using Firefox's major settings/add-ons reset.
Your question is hard to answer because I don't have a comprehensive list of the kinds of changes that the page checks for. If you open the Troubleshooting Information page, there is a section called Important Modified Preferences. You could scroll down on that page and look for preferences that contain security (I think you can ignore the ones that start with "security.crl.autoupdate" since those are not customized by you, but only by Firefox).
For what it's worth, I have these.
security.disable_button.openCertManager => false security.disable_button.openDeviceManager => false security.sandbox.content.tempDirSuffix [set by Firefox] security.ssl.treat_unsafe_negotiation_as_broken => true security.ssl3.dhe_rsa_aes_128_sha => false security.ssl3.dhe_rsa_aes_256_sha => false security.tls.version.max => 4
Do you have any modified settings in that area?
I don't remember the reasons for all of these tweaks, but the two that contain "dhe" are to bypass problems with older servers that can block a connection (because those servers are vulnerable to the Logjam attack). You can turn those off yourself here:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste SSL3 and pause while the list is filtered
Firefox should display about 15 lines starting with security.ssl3
(3) If any of the preferences is bolded and "user set" to false, double-click it to restore the default value of true EXCEPT
(4) You can block these two to improve your security (double-click to switch them from true to false):
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
Be cautious with modifying prefs if you have never made changes yourself on the about:config page.
disable_button prefs are created by Firefox, so leave these at their false setting. Best is to leave TLS 1.3 disabled (security.tls.version.max = 3; this is likely done via a special system extension).
- Bug 1368599 - Disable TLS 1.3 by default for FF 54
- Bug 1385927 - Disable TLS 1.3 by default for FF 55
由cor-el于
jscher2000 said
ffjoe saidHi, I've been having these Secure Connection Failed (connection interrupted) errors, exclusively while browsing craigslist. A refresh almost always fixes it, but at the bottom of those error messages, it tells me my network security settings might be causing this with a button to restore default. I don't think I've ever changed any of those settings in Firefox.By refresh I assume you mean reloading the page... you aren't using Firefox's major settings/add-ons reset.
Your question is hard to answer because I don't have a comprehensive list of the kinds of changes that the page checks for. If you open the Troubleshooting Information page, there is a section called Important Modified Preferences. You could scroll down on that page and look for preferences that contain security (I think you can ignore the ones that start with "security.crl.autoupdate" since those are not customized by you, but only by Firefox).
For what it's worth, I have these.
security.disable_button.openCertManager => false security.disable_button.openDeviceManager => false security.sandbox.content.tempDirSuffix [set by Firefox] security.ssl.treat_unsafe_negotiation_as_broken => true security.ssl3.dhe_rsa_aes_128_sha => false security.ssl3.dhe_rsa_aes_256_sha => false security.tls.version.max => 4
Do you have any modified settings in that area?
I don't remember the reasons for all of these tweaks, but the two that contain "dhe" are to bypass problems with older servers that can block a connection (because those servers are vulnerable to the Logjam attack). You can turn those off yourself here:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste SSL3 and pause while the list is filtered
Firefox should display about 15 lines starting with security.ssl3
(3) If any of the preferences is bolded and "user set" to false, double-click it to restore the default value of true EXCEPT
(4) You can block these two to improve your security (double-click to switch them from true to false):
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
Hi, and thank you both for your help.
Yes, I meant reloading the page. This usually happens when I click on a page from nearby city's craigslist at the bottom of pages. If it's as simple as reloading the page, I'm not too worried about a fix. I'm more interested in what the "Restore default settings" would do.
On the Troubleshooting page, I have the first three the same as you, but none of the other four. I also have an entry for tls version min which is set to 3.
I edited the SSL3 settings you suggested to false.
I saw something a few hours ago saying that making Firefox use TLS 1.3 was the most secure way of using. Is this not true?
You can leave security.tls.version.max set to 3 (TLS 1.2) since the devs have decided that TLS 1.3 isn't ready yet to be used on the release update channel.
- Bug 1368599 - Disable TLS 1.3 by default for FF 54
- Bug 1385927 - Disable TLS 1.3 by default for FF 55
cor-el said
You can leave security.tls.version.max set to 3 (TLS 1.2) since the devs have decided that TLS 1.3 isn't ready yet to be used on the release update channel.
- Bug 1368599 - Disable TLS 1.3 by default for FF 54
- Bug 1385927 - Disable TLS 1.3 by default for FF 55
Hi, that was a mistake on my part, I have the tls.version.max set to 3. Is it ok to set the tls.version.min to 3 as well?
Did this error cause any kind of security issue where I would have to change my passwords for other website or anything like that?
ffjoe said
Is it ok to set the tls.version.min to 3 as well?
3 indicates that Firefox wants TLS 1.2. If you set the minimum to 3, then sites which can only connect using TLS 1.0 or TLS 1.1 will stop working in Firefox. Your choice.
Did this error cause any kind of security issue where I would have to change my passwords for other website or anything like that?
I don't see how adjusting the MIN or MAX preference could cause any security issue for you because at worst Firefox would not have been able to connect. All of the allowed levels are acceptable, even if the higher ones are better.
jscher2000 said
ffjoe saidIs it ok to set the tls.version.min to 3 as well?3 indicates that Firefox wants TLS 1.2. If you set the minimum to 3, then sites which can only connect using TLS 1.0 or TLS 1.1 will stop working in Firefox. Your choice.
Did this error cause any kind of security issue where I would have to change my passwords for other website or anything like that?I don't see how adjusting the MIN or MAX preference could cause any security issue for you because at worst Firefox would not have been able to connect. All of the allowed levels are acceptable, even if the higher ones are better.
That was my main concern, that it may have been some sort of attack that would have compromised my logins (I don't save passwords for this reason). Thank you for all your help!