Reporting a minor bug with firefox, broken SSL connexions

Greetings,

I’m not sure this is a duplicate of https://forum.avast.com/index.php?topic=219358.0 or a different issue, so to avoid thread hijacking, I’m creating a new discussion.

Simply, I’m coming to report a bug that’s been afflicting my computer for like two weeks now, I think.

  • httpS websites stop loading, connexion not secure, certificate not valid, etcetera
  • disabling all Avast agents and re-enabling them fixes the problem (done with a right-click in the system tray icon)
  • no idea if it’s only with Firefox, but I always forget to test with other browsers when it happens
  • it happens approximately once a day for me

Details: windows 10 latest big public version (honestly, no idea, but it’s the one everyone allowing windows update has), French version, Home version, PC, intel I3. Connexion: Orange, France, fiber connexion. Avast Free 18.4.2338 build 18.4.389 5.327.

It’s NOT a support question, as disabling/reenabling the antivirus agents does the job.
Simply, I thought it might be appreciated to submit a report, in case it helps or people with the same problem find my thread after a web search and read the solution :slight_smile:

Good day everyone!

What version if firefox?

With firefox 61 many https connections are broken. In 10 days will be the final release.
When i disable avast sites opens normally.
The error with all avast sheilds is: Error code: SSL_ERROR_RX_RECORD_TOO_LONG

windows 10 64bit 1803 latest update/

This problem exist with Mozilla.

I found for mozilla to work properly i need to to go in avast web shield options and UN-tick enable scan HTTPS connections.
Mozilla 61 enabled ssl 1.3 i don’t know if its the problem.

example sites that dont work every time with https scanning:
-https://eztv.ag/
-https://uploadfiles.io/

these sites open instanly without https scaning

i have the same problem, it started days ago. i’m using mozilla firefox developer edition 61.0b14 on windows 10 home 64 bit. If i close and restart the browser or wipe the cache sometimes the page will load properly. Disabling the https scan solved the issue.

A solution in Firefox 61 (beta, at the moment) is to go to about:config and change security.tls.version.max from 4 to 3.

This bug exist also in stable 60.0.2 firefox that enabled tls 1.3

Hmmm. I don’t have any issues in stable 60.0.2 with TLS 1.3 enabled (ie. security.tls.version.max is 4).

60.0.2 (64 bits)

I took a screenshot: https://imgur.com/a/mNU77rT
And I confirm it only does it with Firefox.
Fortunately, disabling and re-enabling Avast agents fixes the issue.

It does seem to be affecting a lot of Firefox users lately.

Instead of repeatedly disabling and re-enabling Avast shields, in Firefox about:config try setting
security.enterprise_roots.enabled to true.

You can always set it back to false if it doesn’t help.

I’ve had two SSL cutouts in less than ten minutes, which reminded me to check if there had been no new replies in the Avast forum :smiley:

I’ll be gladly testing your suggestion, Alanb, thanks :slight_smile:
(I’ll report in a few days, or more - depending on when I remember ;D )

Allright, some form of follow-up :slight_smile:

With security.enterprise_roots.enabled set to true, my Firefox had an odd issue, it was requesting its Master password immediately upon startup… But in doing so, it was causing the program to hang up 9 times out of 10, probably because I configured Firefox to load five sites at startup. (If someone has the issue, the solution to said problem is for me to right-click the browser’s shortcut and ask it to start a new tab, OR a private navigation tab, it crashes less when the browser doesn’t attempt to load five websites at once)

So, I had to disable security.enterprise_roots.enabled, and deal again with the occasional SSL breaking caused by Avast. Too bad, really, because it worked, the problem had stopped for me, I was getting used to not having to disable/reenable Avast agents.

Moreover, turning security.enterprise_roots.enabled on and off again had an unexpected side effect, I document it in case other people come here after a web search, it made some https websites (not all: Facebook, twitter and Avast forum, but not Google) stop working anymore, certificate unknown.
I had to manually search for my cert8.db and cert9.db files in the root of my firefox profile folder, and rename it to cert8.db.old and cert9.db.old, to force Firefox to reload from fresh the certificates information.

I have the same problem with firefox 61 (updated just now) and avast 18.5.2342 - Windows 7 64 bit SP1
every now and then on the google.com website (referenced site) the error comes out: SSL_ERROR_RX_RECORD_TOO_LONG

I also noticed: Enabling HTTPS scanning of sites the google.com site taken as a reference negotiates in TLS 1.2
If disabled, the HTTPS scan negotiates in TLS 1.3

I have referenced your guide who is here.
https://support.avast.com/en-en/article/189/

Updated Firefox to version 61.0, no issues.

Same here on Firefox 61.0 (64-bits). Many sites like Gmail throw an SSL_ERROR_RX_RECORD_TOO_LONG error

Firefox updated to 61.0 and now I’m getting this also when I try search google.

https://i.imgur.com/7yqaVTR.png

If I do it 2 or 3 times it will eventually work, but the initial load of the first one that works is slow.

Please advise :slight_smile:

edit
Whoops, forgot to add per this post…
https://www.reddit.com/r/firefox/comments/8u4xia/most_recent_firefox_update_makes_so_many_webpage/
Obviously turning off https scanning stops it happening, but I’m not really comfortable leaving that off, the other solution in there i’m not sure about and would prefer some more solid advice on what to do :slight_smile:

I gave links that have the problem do u tried them?

I see here…
https://bugzilla.mozilla.org/show_bug.cgi?id=1468892#c31
There is someone claiming to be from Avast advising of a potential fix in a couple days time after testing.

If this is so we should be sweet :slight_smile:

As a quick side note…interestingly, my mates machine which is basically identical to mine has no issue at all, I wonder why this is :o

As a workaround in the interim, in about:config, set security.tls.version.max to 3.

Updated to Firefox 61 today, cannot usually get onto Google. When I can access Google, long delay in loading.
Sometimes, when clicking on a bookmarked site, I see that Firefox waits for Google?? and then no connection!
No problems in earlier versions of Firefox.
FYI

Works so far… thanks!