Secure Connection Failed If security.tls.version.max at 4

[WildcatRay]

I started getting the following on gmail on 2 of my 4 computers:

secure connection failed The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

The resolution I found was to change the pref security.tls.version.max from the standard 4 to 3

On my other 2 computers, I have no problem at all with the pref still at it's default of 4.

My question is "Why?"

All computers are Win10 current and up to date. Firefox 62.0.3. Disabling all addons, running in safe mode and refreshing Firefox did nothing to resolve it.

EDIT: I also replaced my profile on 1 computer with a backup from a computer where things were fine with the pref at 4. As I said above, only setting the pref to 3 "fixed" things.

EDIT2: Both computers were off from Sunday to Thursday. Worked fine on Sunday, did not on Thursday. "Fixed" on Friday by changing the pref from 4 to 3.

[Brummelchen]

because tls 1.3 is not spread that much?
https://support.mozilla.org/de/questions/1198543

default is "4" in Firefox 63 (security.tls.version.min is 1).
Windows is not the problem because firefox has its own cert store. the problem exists between firefox and your internet, this includes any active antivirus (not WD), your modem/router and providers gateway.

[James]

default is "4" in Firefox 63 (security.tls.version.min is 1).

4 for TLS 1.3 is the default for security.tls.version.max since Firefox 60.0

[Brummelchen]

i did not changed anything in all firefox because there was no reason. v63 is next build and rc2 is done - my answer includes a foreview to this if "3" has been default.

[James]

3 = TLS 1.2 was the default for security.tls.version.max for Firefox 27.0 to 59.0.3 Releases.

[WildcatRay]

i did not changed anything in all firefox because there was no reason. v63 is next build and rc2 is done - my answer includes a foreview to this if "3" has been default.

As a reminder, I had to change security.tls.version.max to 3 get gmail to load on 2 computer while the other 2 work with the pref at the default 4.

Also, things worked fine on all 4 computers with the pref at 4 until Thursday of this week. My issue is why suddenly did this change?

[Brummelchen]

so this is gmail specific? if then pls change topic title to have benefit of other user with this issue or a solution, thx.

(/me not using gmail)

[WildcatRay]

No, not gmail-specific. TLS-specific.

[Brummelchen]

the problem exists between firefox and your internet, this includes any active antivirus (not WD), your modem/router and providers gateway.

[WildcatRay]

the problem exists between firefox and your internet, this includes any active antivirus (not WD), your modem/router and providers gateway.

First, same AV on all computers. Second, no effect when AV disabled.

[morat]

Google drops trust for HTTPS security certificates issued by Symantec prior to June 2016. I don't know if Mozilla is doing the same thing.

Thousands of websites may stop working once Chrome 70 arrives
http://www.digitaltrends.com/computing/ ... own-fault/

Perhaps you could try troubleshooting the site.

More info: http://forums.mozillazine.org/viewtopic ... #p14806185

[James]

https://blog.mozilla.org/security/2018/ ... -distrust/

Not for a while still but Mozilla plans to disable support for TLS 1.0 and TLS 1.1 in March 2020.
https://blog.mozilla.org/security/2018/ ... ns-of-tls/

[jscher2000]

Could it be a problem with a "man in the middle" (e.g., security software that filters your connection, proxy server, or malware)?

[WildcatRay]

Could it be a problem with a "man in the middle" (e.g., security software that filters your connection, proxy server, or malware)?

Then, why not all 4, not just 2 computers?

[Brummelchen]

try this - close firefox, rename cert9.db/key4.db in cert9.old/key4.old (delete cert8.db/key3.db if present), restart fox. maybe cert store damaged.