When opening one fairly well-known site (https) in Mozilla Firefox 63.0.1, I encountered the following error:
The connection to www.site.net was interrupted while the page was loading.
- The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
- Please contact the website owners to inform them of this problem.
At the same time, this site normally opens in other browsers (Chrome, IE11, Edge, Opera).
This problem is due to the fact that the site uses an outdated version of the SSL certificate. When attempting to establish an HTTPS connection, a site requires the use of an old unsafe version of the TLS protocol. In this case, you need to contact the site administration and ask them to update the version of TLS. It is clear that this is not always possible.
You can check the supported TLS version for the site using the online service https://www.ssllabs.com/ssltest/. Simply enter the name of the site (domain) whose certificate you want to check and run a scan.
After the scan is completed (it takes several minutes), go to the Configuration section. As you can see, in my case the certificate doesn’t support the TLS 1.3 protocol.
To open such a site in new versions of Mozilla Firefox, you will have to reduce the security level required to establish a secure connection.
- Open the Firefox config editor by typing about:config in the address bar of your browser;
- Using the search, find the parameter named: security.tls.version.max;
- This parameter indicates the maximum supported TLS version. Value 4 corresponds to TLS 1.3, value 3 – TLS 1.2. Change the value of security.tls.version.max from 4 to 3 and save the changes;
- Try again to open the site in the Firefox. It should open.
- 0 – outdated SSL 3.0
- 1 – also outdated TLS 1.0
- 2 – TLS 1.1
- 3 – TLS 1.2
You can check the version of the TLS protocol that your browser uses at https://www.howsmyssl.com/. If security.tls.version.max = 4, it should display an inscription:
When changing the value of security.tls.version.max to 3, the verification page will indicate that your browser uses TLS 1.2.
In order not to switch to the less secure version of the TLS protocol for all sites, you can add the necessary site to the security.tls.insecure_fallback_hosts list.
In some antiviruses (Avast, ESET NOD32, Kaspersky), the SSL/TLS connection checker module can be enabled. If the error “Secure Connection Failed” occurs when connecting to any https site, try disabling the SSL/TLS scanning module in the antivirus settings