Firefox 61: Fix Secure Connection Failed

If you have upgraded to yesterday's new Firefox 61 version you may have received a secure connection failed error when trying to connect to this very site and others.

The error message reads:

Secure Connection Failed
An error occurred during a connection to [site name]. SSL received a record that exceeded the maximum permissable length. Error Code: SSL_ERROR_RX_RECORD_TOO_LONG.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Here is a screenshot of the error when trying to connect to the site using Firefox 61.

We know so far that the issue is related to establishing a secure connection but it is unclear just from reading the message whether that is a site problem, a browser problem, or caused by software that interferes with the connection.

Previous versions of Firefox don't throw the error message. Mozilla revealed in the changelog that it enabled the latest draft of the TLS 1.3 specification. We reviewed the change back in April 2018, and you can easily check which version of TLS is supported by loading about:config?filter=security.tls.version in Firefox's address bar. Check the security.tls.version.maximum value; it should read 4 which is the new maximum. Previous versions of Firefox used the value 3 there.

In fact, if you switch the value to 3 the error goes away. You can access any site again and the secure connection failed error does not show up anymore.

While you can do that, you may want to know more about the issue that is causing secure connections to fail in Firefox 61.

Update: Before you proceed with the instructions below, try the following in Firefox to see if it resolves the issue on your end:

1. Open about:preferences#privacy in the browser.
2. Scroll down to the Certificates section and click on "View certificates".
3. Make sure the Authorities tab is selected.
4. Locate Avast certificates and use the delete option to remove them
5. Use the import button to import the certificates from C:\ProgramData\AVAST Software\Avast\wscert.dat

Chance is that you have Avast, AVG, or other security software installed on the device that interferes with HTTPS traffic.

If you run Avast, you can disable the HTTPS scanning part of the security software's Web Shield to resolve the issue without dropping the maximum TLS version in Firefox from 4 to 3.

Here is how that is done:

Double-click on the Avast software icon in the System Tray area to display the main interface of the application.

Select Menu > Settings to display all program preferences.

Switch to the Components section in the sidebar.

Select the customize link displayed for the Web Shield component.

Locate "Enable HTTPS Scanning" and uncheck the box.

Select ok to save the change and ok on the next page to return to the main interface.

When you try to load sites that failed to load in Firefox 61 previously you will notice that the sites load just fine.

Other security solutions may use similar components that interfere with HTTPS traffic. If you don't run Avast try to find an option in the settings to turn of HTTPS scanning to resolve the issue.

Now You: Did you run into Secure Connection Failed issues with Firefox 61?