We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Version 37.0.1 - Secure Connection failed.

more options

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled.

We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html.

What would be causing this problem and how might it best be resolved?

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved?

All Replies (10)

more options

What is the address of your site?

more options

Can you post a link or the domain, so we can check the certificate?

What happens if you add the domain to the security.tls.insecure_fallback_hosts pref?

Did you check the Browser Console (Firefox/Tools > Web Developer) for error messages?

Note that SSL3 shouldn't be used these days and signing with SHA-256 is preferred.


The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using or offering deprecated cipher suites.

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the full domain to this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). You should only see domains separated by a comma in the value column.


more options

If it's the domain matching your username, your ciphers are limited to RC4 ciphers. Starting in Firefox 36, this generated a warning icon in the address bar (exclamation triangle) as Firefox no longer considers it secure. However, I'm not sure what accounts for the more severe message you're getting now if the site supports TLS 1.2.

more options

theswingsite said

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved?


'What happens if you add the domain to the security.tls.insecure_fallback_hosts pref? It works

It also works if I do the following Setting security.tls.version.fallback-limit to '0'

TLS 1.0 currently enabled for "server" no "client" registry entry


The Site is https://www.theswingsite.com

more options

theswingsite said

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved?


NOTE: This never happened in pre "37.0.0" releases, nor do other browsers have a problem.

more options

theswingsite said

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved?


One more piece of the puzzle. My Windows Server 2008R2 event log is showing.

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server

more options

theswingsite said

'What happens if you add the domain to the security.tls.insecure_fallback_hosts pref? It works It also works if I do the following Setting security.tls.version.fallback-limit to '0'

That does not work for me on your site (trying to login as user asdf). Not sure what's going on.

more options

theswingsite said

Started getting Secure Connection failed with Version 37.0.1. The site has SHA-2 certificates TLS 1.0 disabled and TLS 1.1 and 1.2 enabled. SLS 3.0 is also enabled. We've got a "B" rating with https://www.ssllabs.com/ssltest/analyze.html. What would be causing this problem and how might it best be resolved?


I attached an image of what IISCrypto is reporting .

more options

Any thoughts? Do FireFox developers respond here?

Nothing I try seems to resolve this problem.   I need to know WHAT changed in Version 37, as I've never had this problem in the last 8 years.
more options

Firefox developers generally do not monitor this forum.

I'm not very skilled at searching the bug database, but it appears there were approximately/at least 49 changes related to TLS in Firefox 37: https://bugzilla.mozilla.org/buglist.cgi?list_id=12203346&resolution=FIXED&query_format=advanced&component=Security%3A%20PSM&target_milestone=mozilla37&f2=cf_status_firefox37&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&limit=0

I can't tell which, if any, of those is causing the issue. There is a somewhat standard approach to tracking down problem change sets which is to look for a regression range, but this is somewhat time-consuming. See: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Mozmill/How_to_do_regression_testing