Firefox 61: Fix Secure Connection Failed - gHacks Tech News

Firefox 61: Fix Secure Connection Failed

If you have upgraded to yesterday's new Firefox 61 version you may have received a secure connection failed error when trying to connect to this very site and others.

The error message reads:

Secure Connection Failed
An error occurred during a connection to [site name]. SSL received a record that exceeded the maximum permissable length. Error Code: SSL_ERROR_RX_RECORD_TOO_LONG.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Here is a screenshot of the error when trying to connect to the site using Firefox 61.

firefox secure connection failed

We know so far that the issue is related to establishing a secure connection but it is unclear just from reading the message whether that is a site problem, a browser problem, or caused by software that interferes with the connection.

Previous versions of Firefox don't throw the error message. Mozilla revealed in the changelog that it enabled the latest draft of the TLS 1.3 specification. We reviewed the change back in April 2018, and you can easily check which version of TLS is supported by loading about:config?filter=security.tls.version in Firefox's address bar. Check the security.tls.version.maximum value; it should read 4 which is the new maximum. Previous versions of Firefox used the value 3 there.

firefox tls version

In fact, if you switch the value to 3 the error goes away. You can access any site again and the secure connection failed error does not show up anymore.

While you can do that, you may want to know more about the issue that is causing secure connections to fail in Firefox 61.

Update: Before you proceed with the instructions below, try the following in Firefox to see if it resolves the issue on your end:

  1. Open about:preferences#privacy in the browser.
  2. Scroll down to the Certificates section and click on "View certificates".
  3. Make sure the Authorities tab is selected.
  4. Locate Avast certificates and use the delete option to remove them
  5. Use the import button to import the certificates from C:\ProgramData\AVAST Software\Avast\wscert.dat

Chance is that you have Avast, AVG, or other security software installed on the device that interferes with HTTPS traffic.

If you run Avast, you can disable the HTTPS scanning part of the security software's Web Shield to resolve the issue without dropping the maximum TLS version in Firefox from 4 to 3.

Here is how that is done:

Double-click on the Avast software icon in the System Tray area to display the main interface of the application.

Select Menu > Settings to display all program preferences.

Switch to the Components section in the sidebar.

Select the customize link displayed for the Web Shield component.

avast web shield

Locate "Enable HTTPS Scanning" and uncheck the box.

avast web shield disable https

Select ok to save the change and ok on the next page to return to the main interface.

When you try to load sites that failed to load in Firefox 61 previously you will notice that the sites load just fine.

Other security solutions may use similar components that interfere with HTTPS traffic. If you don't run Avast try to find an option in the settings to turn of HTTPS scanning to resolve the issue.

Now You: Did you run into Secure Connection Failed issues with Firefox 61?

Summary
Firefox 61: Fix Secure Connection Failed
Article Name
Firefox 61: Fix Secure Connection Failed
Description
If you have upgraded to yesterday's new Firefox 61 version you may have received a secure connection failed error when trying to connect to this very site and others.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Yuliya said on June 27, 2018 at 11:57 am
    Reply

    No problems on Windows 7 with no antivurs (ahahahaha, how ironic) and security.tls.version.maximum=4.

    1. Tom Hawack said on June 27, 2018 at 1:52 pm
      Reply

      I first felt like copy/pasting your comment, Yuliya, laugh included!
      No antivirus here as well, and if I had one it certainly wouldn’t be Avast which is always a problem ahead : what now this time, besides recalls to upgrade to a paid version for those who run it as freeware? They’d rather anticipate browsers’ modifications than focus on potential customers.

      In fact I’ve had security.tls.version.max set to 4 for some time now and if I ever encountered an issue it will have been for a site not important enough (in my view) to lower 4 to 3.

  2. TelV said on June 27, 2018 at 12:10 pm
    Reply

    I had this very same problem just a couple of weeks ago even though I had Waterfox rather than Firefox installed on my mobile phone.

    Whenever I go away on vacation to Thailand I always purchase a local SIM in order to avoid roaming charges. On this particular occasion, I bought a local SIM from AIS in their own store in Patong, Phuket. At first the same message as shown in the article appeared whenever AIS tried to make a connection, but they eventually resolved it although I don’t know how exactly.

    I use the free version of Sophos Mobile Security on my phone though which is more than adequate for me having switched to that after Malwarebytes ceased to offer the full range of protection for the free version at the time. I’ve looked at the settings, but can’t find anything relevant unfortunately. However, now that I’ve returned home, I don’t use the phone for browsing at all preferring instead to use my Windows 8.1 laptop.

  3. SkinnerB said on June 27, 2018 at 12:10 pm
    Reply

    I wouldn’t be surprised if Mozilla’s market share dropped from 10% to below 5% overnight because of this catastrophe. I had to go to my phone for an answer because I couldn’t load Google from my desktop.

    What kind of QA team doesn’t test their software’s new SECURITY interaction with the top 3 most popular AV software? Does nobody at Mozilla use AV? Are they all just running around practically naked with just Windows Defender loin cloths?

    If it’s a browser bug, they should have caught it and fixed it. If it’s the AV’s fault, they should have deprecated the new security protocols until the AV companies implemented proper adherence to standards. Either way it’s Mozilla’s fault and this should have never been allowed out the door.

    As someone who has been using FF since the pre-Netscape / Mosaic days. I can say with confidence that this is easily the single most stupidest thing they’ve done – ever. Until now they’ve had a history of questionable-to-poor judgment, but this is just plain incompetence.

    1. Richard said on June 27, 2018 at 7:55 pm
      Reply

      I couldn’t have said it better. In addition, my Lastpass addon kept logging me out every time I closed FF. That’ll be a few hours I’ll never get back trying to trouble shoot! Thank goodness I stumbled upon this submission by gHacks.

  4. Thorky said on June 27, 2018 at 12:28 pm
    Reply

    security.tls.version.max 4 works for me with Bitdefender Antivirus Plus 2018

  5. exrelayman said on June 27, 2018 at 2:20 pm
    Reply

    This has happened for me twice in the past when using Sandboxie and Firefox updated. I searched and found the about:config modification that solved the problem. Each time Sandboxie responded and fixed the problem in a week or two. So if you gave up using Sandboxie in the past because of this problem, update to the latest version and this problem will likely be gone. I say ‘likely’ because computers are complex beasts, and many times what works on one computer doesn’t work for someone else.

  6. Ross Presser said on June 27, 2018 at 2:34 pm
    Reply

    For what it’s worth, after reading this article (in Chrome), I updated Firefox to version 61 and nagicated to https://www.ghacks.net. I connected successfully, with no error, on the very first try.

  7. pHROZEN gHOST said on June 27, 2018 at 3:02 pm
    Reply

    Wow. Thanks for that one Martin.

    I installed the latest Firefox but did not browse many sites. So, until I read this article in Chrome, I was unaware of the problem with Firefox.

    How is it that Chrome does not have this issue when I am using HTTPS Everywhere?
    This would seem to suggest that Firefox is the real problem.

    1. pHROZEN gHOST said on June 27, 2018 at 3:22 pm
      Reply

      OK, I’m guessing that Chrome is not using TLS 1.3.

      1. ilev said on June 27, 2018 at 7:21 pm
        Reply

        Chrome uses TLS 1.3 (it is the default on my Chrome).
        No HTTPS problems.

      2. Tom Hawack said on June 27, 2018 at 7:40 pm
        Reply

        @ilev, to be noted perhaps that there is no Firefox 61 TLS1.3 HTTPS problem as such. Myself and many other users have set security.tls.version.max to 4 since a long time without facing connection issues and when we have the very nature of the issue is that a site won’t handle it, nothing to do with Firefox. Problems reported here and elsewhere concern users who run an antivirus which includes HTTPS scanning and which get triggered by a setting they hadn’t either coded or anticipated, which is by the way relevant of faulty practices.

      3. pHROZEN gHOST said on June 28, 2018 at 3:30 pm
        Reply

        Hey Tom, hopefully you have some insight.

        How is it that, before this fix, with Avast is scanning HTTPS, Chrome (apparently using TLS 1.3) worked fine and Firefox (updated to use TLS 1.3) did not?

        I’m curious.

      4. Tom Hawack said on June 28, 2018 at 3:49 pm
        Reply

        @pHROZEN gHOST, maybe the answer is in your question : “Chrome (apparently using TLS 1.3)”. Apparently or factually? If factually then I have no answer, and because I don’t have Chrome installed and never get to use it wherever I go (all my friends use Firefox) I cannot further investigate on that battle ground!

      5. pHROZEN gHOST said on June 28, 2018 at 4:43 pm
        Reply

        Hey Tom,

        I respect your right to use whatever browser you choose.

        I used the word “apparently” because of a comment made by ilev. Checking further, I can confirm that TLS 1.3 is on in Chrome.

        http://www.ssllabs.com/ssltest/viewMyClient.html

        So, it would appear that the issue is with Firefox not the AV’s scanning of https.

      6. Tom Hawack said on June 28, 2018 at 5:23 pm
        Reply

        @pHROZEN gHOST,
        “[…]So, it would appear that the issue is with Firefox not the AV’s scanning of https.”

        Basically, logically, experimentally : yes.
        But have you considered the impact of negative thoughts on the outcome of phenomenology?
        No? Neither have I : my joke to hide my consternation : it indeed seems that at least part of the issue is specific to Firefox 61, which would invalidate my above, previous comment.

        I am stunned immaculate :=)

  8. BigTuna2K18 said on June 27, 2018 at 3:33 pm
    Reply

    I have Windows 7 and just upgraded to Firefox 61 yesterday. I use AVG Free and the ‘Secure Connection Failed’ error message was driving me CRAZY!!!

    I brought up AVG –> Menu –> Settings –> Components –> Web Shield Customize and un-checked “Enable HTTPS Scanning” like you did for Avast (Avast and AVG are the same company now).

    Thank you, thank you, THANK YOU!!!

    1. Martin Brinkmann said on June 27, 2018 at 5:34 pm
      Reply

      Great that it worked out for you and thank you for the instructions for AVG.

  9. Anonymous said on June 27, 2018 at 3:33 pm
    Reply

    Stay away from Avast its caused a lot of problems in past and today is still causing. Just remember the nightmare that some people had a blue screen when they upgraded to Windows 10 1803 via update.

    1. pHROZEN gHOST said on June 27, 2018 at 6:55 pm
      Reply

      Whenever I update Windows, I turn off my AV because there is always the possibility that it could prevent some components from installing properly. I have not had an issue with this approach.

      I also make a full backup of the drive before the update so I can get back no matter what happens. It only takes 4 – 5 minutes to save days of recovery.

  10. Šime Vidas said on June 27, 2018 at 3:58 pm
    Reply

    Anti-virus software sucks 👎. Firefox with Tracking Protection and a well-configured ad/tracking blocker is all you need.

    1. Agent Smith said on June 27, 2018 at 6:27 pm
      Reply

      I would add HOSTS file to the list.

  11. Xibula said on June 27, 2018 at 4:39 pm
    Reply

    i think it’s time for you to let go avast
    get with the times

  12. BigTuna2K18 said on June 27, 2018 at 6:37 pm
    Reply

    Martin, I know this is off topic (I apologize).

    Could you do a write up on anti-virus software? (apologize again if its already been done). I’ve read again and again about ppl who don’t use AV software.

    For ppl who do that:
    – Do you have families?
    – Does the wife and kids each have their own computer with some sort of protection while your computer has none?
    – What AV protection do you recommend?

    I’ll man up and admit that I visit shady sites (streaming sites). I’ve been using AVG Free and it has saved my ass plenty of times. I wouldn’t think of going to those sites without it (especially when crypto mining was popular awhile back. If you have kids, I wouldn’t think about letting them use a computer without AV, too. Mac or PC).

    I would love to read the results of that article. Again I apologize.

    1. VioletMoon said on June 28, 2018 at 4:24 am
      Reply

      Honestly! Many reviews of free and paid security suites, but if one is going to “shady” sites, it might be better to use a Linux distro running in VirtualBox or VMware Player. Or maybe use Comodo and run the browser in a sandbox. “Shady” sites use highly sophisticated techniques to gain whatever is wanted. One’s entire identity can be had without the user even “sniffing” a clue.

      Panda Global Shield sounds interesting. Personally, like BitDefender and Norton.

      https://www.pcmag.com/article2/0,2817,2372364,00.asp

    2. STech said on June 28, 2018 at 9:13 pm
      Reply

      @BigTuna2K18, very good question
      Most tech literate people aren’t using AV solutions because AV is ‘a man in the middle’ that you choose to trust blindly. AV has access to ALL your system files and to ALL your internet traffic – it knows you better than your mother :). So, if you know your stuff, you cannot install such a software on your system. Better to risk to get a malware and restore from my backups than give all my data willingly.
      I always used common sense and tech knowledge and I never had a problem, but you need to be tech savvy at least for that.
      For my family and friends is another matter. I choose to install an AV on their systems and I did it for saving my time. BUT, I always choose a PAID AV because the ‘freeware’ solutions make money for their companies by collecting and using your data (because those companies make money even if you are not paying them). Second, do not activate HTTPS traffic scan or deactivate it if it’s enabled and do NOT install AV certificates on your system (or delete them), because these certificates are not issued by a CA and can be spoofed easily by a third person who would have complete access to your system, and because if you let the AV to scan your HTTPS traffic it will know all your Google, Facebook, banks and all other logins passwords which it can see them in plain text; and if it’s a ‘freeware’ solution that makes money ask yourself how it does it…. And even if it’s a trustworthy company, if its servers are hacked all your private data will be in the wild.

  13. Anonymous said on June 27, 2018 at 6:45 pm
    Reply

    I am just into this very issue for 2 days now… Thanks for the suggested fix

  14. Tony said on June 27, 2018 at 7:46 pm
    Reply

    How many people can’t read this article because they can’t access this site, and therefore can’t fix the issue to access this site? Irony.

  15. Anders said on June 27, 2018 at 11:18 pm
    Reply

    Not a good move to turn off HTTPS scanning. Rather use the Firefox config than turning off HTTPS scanning. This is a Firefox (Mozilla) fault not AV companies.

  16. Tom said on June 28, 2018 at 1:03 am
    Reply

    Since upgrading, it’s happening constantly on everything, most notably Google.

    Come on, Firefox, fix your crap.

  17. ddk said on June 28, 2018 at 3:05 am
    Reply

    Win Defender/Firewall on here, does a pretty good job although every now & then, malware can slip through. Using Win 8.1, I’ll miss EMET which is MS’s mitigation tool due to be dropped next month.

    I keep trying FF but it fails on sites that work flawlessly in Chrome. Venture Sky & Google Earth to name a few. Also Chrome doesn’t throw erroneous SSL msgs, I’ll see those if sites are legit bad or Ublock detects an issue.

  18. Alan said on June 28, 2018 at 4:16 am
    Reply

    Using Avast here and no problems occured.

    Firefox recently shipped with TLS1.3 support where as Avast/AVG are still using TLS1.2.

    Just delete the certificates and import them back again until they push out a fix.
    https://bugzilla.mozilla.org/show_bug.cgi?id=1468892#c31

  19. JK said on June 28, 2018 at 4:28 am
    Reply

    Is it specific to COMODO SSL? I found that the issue more affected with sites that uses COMODO SSL.

  20. AmberRose said on June 28, 2018 at 4:35 am
    Reply

    Theodore winces; does he dare ‘disturb the universe’ and mention that any and all of the problems mentioned on Martin’s site he never encounters. Could it be something else. No problems with FF; no problems with Windows 10 upgrades and such things. He closes his eyes and jumps into a refreshing pool of La Sal mountain water that is percolating-winding through the desert valley. Moonflowers are beginning to open. The mosquitoes question his wet skin. The sunset makes the surrounding slickrock look like orange sherbet. Project Fi even works in the desolate reaches of lonely juniper trees and Indian Paintbrush. “Never mind,” he thinks. His twisted, old limbs climb out of the pothole. He shivers a bit. “Dry rains after hot days like this. Fires. He will be working 24/7 by July 4.” He knows this, feels this. Lives for the coming of the Fire.

  21. keven said on June 28, 2018 at 5:09 am
    Reply

    I tried both of the solutions mentioned in avast and about config but neither worked

  22. Dave said on June 28, 2018 at 6:38 am
    Reply

    Webroot SecureAnywhere – No issues ;)

  23. Eaglenik said on June 28, 2018 at 2:30 pm
    Reply

    Thank you Martin, appreciate it !

  24. Anonymous said on June 28, 2018 at 3:40 pm
    Reply

    same problem here!!! this solved it so far!!!

  25. pHROZEN gHOST said on June 28, 2018 at 5:10 pm
    Reply

    I just installed FF 61 on another PC. Avast is running. HTTPS scanning is enambled. There is no connection issue.

    Very interesting!

    1. Tom Hawack said on June 28, 2018 at 5:28 pm
      Reply

      Interesting, thanks for the info. The problematic appears more complex as time flies.

  26. Keven said on June 28, 2018 at 7:16 pm
    Reply

    Until firefox fixes this, I uninstalled firefox and reverted back to version 59 and this problem went away. Also, you have to disable the auto updates.

  27. Tyler said on June 28, 2018 at 8:00 pm
    Reply

    Users should not be running out of date versions of Firefox, nor should you be setting the TLS version to something other than default. Both of those “workarounds” leave you vulnerable.

    Instead, either disable the “web scan” malware that the anti-virus uses, or just uninstall crappy anti-virus altogether and use Windows Defender.

    Please stop telling users to do things that put them more at risk.

  28. Ficho said on June 28, 2018 at 11:55 pm
    Reply

    Avast fixed it. Everything is fine now.

    1. BigTuna2K18 said on June 29, 2018 at 8:44 pm
      Reply

      I turned ‘Enable HTTPS Scanning’ back on in AVG Free and can confirm that I do not receive any more Secure Connection Failed error pages.

      Thank you, Martin, for the work around. Thank you, Ficho, for the update.

  29. AAA said on June 29, 2018 at 7:53 pm
    Reply

    I used to have this issue every time I refreshed the Firefox. I had Kaspersky installed.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.