Secure Connection Failed
https://forum.xcsoar.org/ has suddenly started failing to connect due to 'Secure Connection Failed' using Firefox ESR 52.1.0 (32-bit). I have accessed this site many times before and it still works from other browsers e.g. Chrome. The certificate is shown as being valid 128bit TLS1.2
Chosen solution
If you get "Secure connection failed" because "connection was reset" AND you have a successful SSL handshake (shown by the Page Info dialog) at the same time, then there isn't an SSL problem -- you can ignore the word "secure" because really it's "connection failed." There's some other problem, commonly the server rejecting your request for some reason, such as not getting expected information.
One thing you could try while you wait for any authoritative explanation is to use a fresh Firefox profile.
New Profile Test
This takes about 3 minutes, plus the time to test the site.
Inside Firefox, type or paste about:profiles in the address bar and press Enter/Return to load it.
Click the Create a New Profile button, then click Next. Assign a name like May2017, ignore the option to relocate the profile folder, and click the Finish button.
After creating the profile, scroll down to it and click the Set as default profile button below that profile, then scroll back up and click the Restart normally button. (There are some other buttons, but I think those are still "under construction" so please ignore them.)
Firefox should exit and then start up using the new profile, which will just look brand new.
Does the forum let you in using the new profile?
When you are done with the experiment, open the about:profiles page again, click the Set as default profile button for your normal profile, then click the Restart normally button to get back to it.
Read this answer in context 👍 0All Replies (17)
I had no problem with the link.
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
I use AVG free and have tried with that turned off. As the certificate shows as valid from within Firefox and Chrome I don't think that can be the cause. Did you try with ESR version (which I use so that I can still access a site using java)?
and I have tried the various settings in the links you posted to no avail.
Many site issues can be caused by corrupt cookies or cache.
- Clear the Cache and
- Remove Cookies
Warning ! ! This will log you out of sites you're logged in to. You may also lose any settings for that website.
Type about:preferences<enter> in the address bar.
- Cookies; Select Privacy. Under History, select
Firefox will Use Custom Settings. Press the button on the right side called Show Cookies. Use the search bar to look for the site. Note; There may be more than one entry. Remove All of them.
- Cache; Select Advanced > Network. Across from
Cached Web Content, Press Clear Now.
If there is still a problem, https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode Start Firefox in Safe Mode A small dialog should appear. Click Start In Safe Mode (not Refresh). While you are in safe mode;
Type about:preferences#advanced<enter> in the address bar.
Under Advanced, Select General. Look for and turn off Use Hardware Acceleration.
Then restart. Poke around safe websites. Are there any problems?
You can check TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 on the about:config page to see if this cipher suite is enabled.
- security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256
You can open the about:config page via the location/address bar. You can accept the warning and click "I'll be careful" to continue.
Modified
Thanks for the suggestions. I had already tried clearing cache and cookies, I have now tried safe mode and reset, still wit the same result. I dont find the security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 option under about:config. it does seem possible that the issue is the 128bit certificate, other https sites I have found seem to have 256bit certificates.
Try to rename cert8.db in the profile folder.
You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.
- Help -> Troubleshooting Information -> Profile Directory:
Windows: Show Folder; Linux: Open Directory; Mac: Show in Finder - http://kb.mozillazine.org/Profile_folder_-_Firefox
I renamed rename cert8.db, it was recreated as soon as I restarted Firefox and did not affect the issue. I can access this site from Firefox on my Android and Unix (Firefox ESR 45.4.0) machines so I think it is most likely a bug or a setting unique to the ESR version which I am using on Windows.
Does the error page give an explanation for the problem? Usually if there is no matching cipher, that will be stated explicitly. If that isn't there, it may be something else completely. You could copy/paste the whole paragraph into a reply.
There is a different kind of error page that has an Advanced button. if you see that one, clicking the button will provide more technical details about the issue.
This is the screen and the dialogue shown by selecting the certificate
Do a malware check with several malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware. All these programs have free versions.
Make sure you update each program to get the latest version of their databases before doing a scan.
- Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php - AdwCleaner:
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml - SuperAntispyware:
http://www.superantispyware.com/ - Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/en-us/default.aspx - Windows Defender:
http://windows.microsoft.com/en-us/windows/using-defender - Spybot Search & Destroy:
http://www.safer-networking.org/en/index.html - Kasperky Free Security Scan:
http://www.kaspersky.com/security-scan
You can also do a check for a rootkit infection with TDSSKiller.
- Anti-rootkit utility TDSSKiller:
http://support.kaspersky.com/5350?el=88446
See also:
- "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
Could you explain why malware would only affect connection to one site which can be accessed from other browsers? I do use antivirus software and often scan with different software. Using all those listed would take a while so I would like to understand the logic
There are two possible causes. Either the website server is blocking you (your IP) for some reason or there is something on your computer that is blocking it since we can't replicate this issue and can connect to the website. The former you can test with a VPN or anonymous proxy that you would have to trust if you need to login.
guycorbett said
This is the screen and the dialogue shown by selecting the certificate
Hmm, how did you get the Page Info dialog if Firefox cannot connect to the site? Is it an intermittent error where you can reload to get the page or get some parts of the site but not others?
It is not intermittent it happens every time. The fact that I can connect with Chrome shows to me that the isue is with Firefox rather than my PC. As far as I can tell no one else here has tried to replicate with the ESR version of Firefox. I am busy elsewhere today but I think my next step has to be uninstalling ESR and trying with the ordinary version
Chosen Solution
If you get "Secure connection failed" because "connection was reset" AND you have a successful SSL handshake (shown by the Page Info dialog) at the same time, then there isn't an SSL problem -- you can ignore the word "secure" because really it's "connection failed." There's some other problem, commonly the server rejecting your request for some reason, such as not getting expected information.
One thing you could try while you wait for any authoritative explanation is to use a fresh Firefox profile.
New Profile Test
This takes about 3 minutes, plus the time to test the site.
Inside Firefox, type or paste about:profiles in the address bar and press Enter/Return to load it.
Click the Create a New Profile button, then click Next. Assign a name like May2017, ignore the option to relocate the profile folder, and click the Finish button.
After creating the profile, scroll down to it and click the Set as default profile button below that profile, then scroll back up and click the Restart normally button. (There are some other buttons, but I think those are still "under construction" so please ignore them.)
Firefox should exit and then start up using the new profile, which will just look brand new.
Does the forum let you in using the new profile?
When you are done with the experiment, open the about:profiles page again, click the Set as default profile button for your normal profile, then click the Restart normally button to get back to it.
Before I read your post about the profile, I updated to the non ESR version which fixed the issue. I then reinstalled the ESR version and it still works. Perhaps that recreated the profile or maybe an update had not applied properly. Either way the fix was basically uninstall and reinstall Firefox. Thanks for all the suggestions.