MozillaZine

Secure Connection Failed If security.tls.version.max at 4

User Help for Mozilla Firefox
WildcatRay

User avatar
 
Posts: 7448
Joined: October 18th, 2007, 7:03 pm
Location: Columbus, OH

Post Posted October 19th, 2018, 4:46 pm

I started getting the following on gmail on 2 of my 4 computers:

secure connection failed The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

The resolution I found was to change the pref security.tls.version.max from the standard 4 to 3

On my other 2 computers, I have no problem at all with the pref still at it's default of 4.

My question is "Why?"

All computers are Win10 current and up to date. Firefox 62.0.3. Disabling all addons, running in safe mode and refreshing Firefox did nothing to resolve it.

EDIT: I also replaced my profile on 1 computer with a backup from a computer where things were fine with the pref at 4. As I said above, only setting the pref to 3 "fixed" things.

EDIT2: Both computers were off from Sunday to Thursday. Worked fine on Sunday, did not on Thursday. "Fixed" on Friday by changing the pref from 4 to 3.
Last edited by WildcatRay on October 20th, 2018, 7:34 am, edited 2 times in total.
Ray

OS'es: 4 computers with Win10 Pro 64-bit; Current Firefox, Beta, Nightly, Chrome, Vivaldi

Brummelchen
 
Posts: 3840
Joined: March 19th, 2005, 10:51 am

Post Posted October 19th, 2018, 11:02 pm

because tls 1.3 is not spread that much?
https://support.mozilla.org/de/questions/1198543

default is "4" in Firefox 63 (security.tls.version.min is 1).
Windows is not the problem because firefox has its own cert store. the problem exists between firefox and your internet, this includes any active antivirus (not WD), your modem/router and providers gateway.

James
Moderator

User avatar
 
Posts: 27429
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted October 20th, 2018, 12:02 am

Brummelchen wrote:default is "4" in Firefox 63 (security.tls.version.min is 1).

4 for TLS 1.3 is the default for security.tls.version.max since Firefox 60.0

Brummelchen
 
Posts: 3840
Joined: March 19th, 2005, 10:51 am

Post Posted October 20th, 2018, 12:42 am

i did not changed anything in all firefox because there was no reason. v63 is next build and rc2 is done - my answer includes a foreview to this if "3" has been default.

James
Moderator

User avatar
 
Posts: 27429
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted October 20th, 2018, 12:57 am

3 = TLS 1.2 was the default for security.tls.version.max for Firefox 27.0 to 59.0.3 Releases.

WildcatRay

User avatar
 
Posts: 7448
Joined: October 18th, 2007, 7:03 pm
Location: Columbus, OH

Post Posted October 20th, 2018, 5:02 am

Brummelchen wrote:i did not changed anything in all firefox because there was no reason. v63 is next build and rc2 is done - my answer includes a foreview to this if "3" has been default.

As a reminder, I had to change security.tls.version.max to 3 get gmail to load on 2 computer while the other 2 work with the pref at the default 4.

Also, things worked fine on all 4 computers with the pref at 4 until Thursday of this week. My issue is why suddenly did this change? ](*,)
Ray

OS'es: 4 computers with Win10 Pro 64-bit; Current Firefox, Beta, Nightly, Chrome, Vivaldi

Brummelchen
 
Posts: 3840
Joined: March 19th, 2005, 10:51 am

Post Posted October 20th, 2018, 6:25 am

so this is gmail specific? if then pls change topic title to have benefit of other user with this issue or a solution, thx.

(/me not using gmail)

WildcatRay

User avatar
 
Posts: 7448
Joined: October 18th, 2007, 7:03 pm
Location: Columbus, OH

Post Posted October 20th, 2018, 7:06 am

No, not gmail-specific. TLS-specific.
Ray

OS'es: 4 computers with Win10 Pro 64-bit; Current Firefox, Beta, Nightly, Chrome, Vivaldi

Brummelchen
 
Posts: 3840
Joined: March 19th, 2005, 10:51 am

Post Posted October 20th, 2018, 7:39 am

the problem exists between firefox and your internet, this includes any active antivirus (not WD), your modem/router and providers gateway.

WildcatRay

User avatar
 
Posts: 7448
Joined: October 18th, 2007, 7:03 pm
Location: Columbus, OH

Post Posted October 20th, 2018, 7:49 am

Brummelchen wrote:
the problem exists between firefox and your internet, this includes any active antivirus (not WD), your modem/router and providers gateway.

First, same AV on all computers. Second, no effect when AV disabled.
Ray

OS'es: 4 computers with Win10 Pro 64-bit; Current Firefox, Beta, Nightly, Chrome, Vivaldi

morat
 
Posts: 2900
Joined: February 3rd, 2009, 6:29 pm

Post Posted October 20th, 2018, 7:55 am

Google drops trust for HTTPS security certificates issued by Symantec prior to June 2016. I don't know if Mozilla is doing the same thing.

Thousands of websites may stop working once Chrome 70 arrives
http://www.digitaltrends.com/computing/ ... own-fault/

Perhaps you could try troubleshooting the site.

More info: viewtopic.php?p=14806185#p14806185

James
Moderator

User avatar
 
Posts: 27429
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted October 20th, 2018, 1:37 pm


jscher2000

User avatar
 
Posts: 10285
Joined: December 19th, 2004, 12:26 am
Location: Silicon Valley, CA USA

Post Posted October 20th, 2018, 3:53 pm

Could it be a problem with a "man in the middle" (e.g., security software that filters your connection, proxy server, or malware)?

WildcatRay

User avatar
 
Posts: 7448
Joined: October 18th, 2007, 7:03 pm
Location: Columbus, OH

Post Posted October 20th, 2018, 5:08 pm

jscher2000 wrote:Could it be a problem with a "man in the middle" (e.g., security software that filters your connection, proxy server, or malware)?

Then, why not all 4, not just 2 computers?
Ray

OS'es: 4 computers with Win10 Pro 64-bit; Current Firefox, Beta, Nightly, Chrome, Vivaldi

Brummelchen
 
Posts: 3840
Joined: March 19th, 2005, 10:51 am

Post Posted October 20th, 2018, 11:10 pm

try this - close firefox, rename cert9.db/key4.db in cert9.old/key4.old (delete cert8.db/key3.db if present), restart fox. maybe cert store damaged.

Return to Firefox Support


Who is online

Users browsing this forum: Google [Bot] and 15 guests