ssl - Firefox, error when accessing https url

2014-07
  • Toc

    I'm connected through a public wifi hotspot. No problem when using IExplorer. When I use Firefox, I get the following error message after requesting any https URL, for example https://www.google.com:

    An error occurred during a connection to www.google.com.
    
    SSL received a record that exceeded the maximum permissible length.
    
    (Error code: ssl_error_rx_record_too_long)
    

    How can I solve this?

  • Answers
  • QMechanic73

    This problem can be repaired by unchecking the TLS encryption. Tools > Options > Encryption (tab) > and uncheck TLS 1.0.


    Update.

    Look for these preferences (security.tls.version*).

    • security.tls.version.min
    • security.tls.version.max

    In the Awesomebar, type or paste about:config and tap the Go arrow. Type tls into the search box and tap the Enter key to find all preferences that contain tls.

    According to a comment in the code:

    // 0 means SSL 3.0, 1 means TLS 1.0, 2 means TLS 1.1, etc.
    

    So try setting both min and max to 2, to force TLS 1.1, and see whether that works.

    See Reference


  • Related Question

    security - How to lock down Win Vista Firewall for HTTPS only access?
  • John K

    When I'm on public WiFi (laptop), I want to configure my firewall through its advanced settings to allow only HTTPS web traffic.

    My first attempt was to block incoming and outgoing by default, then allow both UDP and TCP port 443 from any computer to any computer (both in and out). However I experience a net error when using my browsers on any SSL/443 website. What am I misunderstanding that is causing my attempt to fail?

    The browser error reported in Chrome is

    Error 10 (net::ERR_ACCESS_DENIED): Unknown error.

    Firefox gives a general error, but when I trace the HTTPS traffic using Fiddler I get this:

    (request)

    CONNECT mail.google.com:443 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 GTB7.1 ( .NET CLR 3.5.30729; .NET4.0E)
    Proxy-Connection: keep-alive
    Host: mail.google.com

    (response)

    HTTP/1.1 502 Connection failed
    Connection: close
    Timestamp: 21:57:34.739

    HTTPS connection failed.

    System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions xxx.xxx.xx.xx:443
    at Fiddler.ServerChatter.CreateConnectedSocket(IPAddress[] arrDestIPs, Int32 iPort, Session _oSession)
    at Fiddler.Session._handleHTTPSConnect()

    When the policy is set up right I plan to export it (save it) for the future when I'm back on public WiFi.

    Note: If a different version of Windows has similar config nuances, feel free to post those answers too - if it's close I can probably extrapolate.


  • Related Answers
  • Steven Monday

    To browse the web, you will need to allow DNS as well: UDP port 53 (and TCP too, but not so much).

  • Paul

    When you browse to a website, your browser sends an outbound TCP SYN packet to set up the connection. Conveniently the firewall automatically allows all traffic in both directions that belongs to this connection. So please don't allow inbound traffic unless you're running a web server and want people to initiate TCP connections to you.

    Some sites may need TCP/80 (HTTP) to establish the TCP/443 (HTTPS) connection, so try opening 80 as well as the DNS ports already mentioned.

    Windows 7 lets you specify programs by name (such as your browser) and control access to/from the specific program/process. XP applies the rules to all programs/processes. I don't have Vista handy to check its level of control.
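
The rule set the two answers above describe, written as `netsh advfirewall` commands for an elevated command prompt. This is an added example, not from either poster; the rule names and the export paths are made up for illustration.

```batch
@echo off
rem Added example: outbound-only HTTPS policy for public WiFi.
rem Rule names ("WiFi-...") and file paths are illustrative assumptions.

rem Keep a copy of the current policy so it can be restored afterwards
rem with: netsh advfirewall import "%USERPROFILE%\fw-before.wfw"
netsh advfirewall export "%USERPROFILE%\fw-before.wfw"

rem Default-deny in both directions on every profile.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem HTTPS: outbound only, matched on the REMOTE port. The browser's own
rem (local) port is ephemeral, so a rule written against local port 443
rem never matches client traffic.
netsh advfirewall firewall add rule name="WiFi-HTTPS-out" dir=out action=allow protocol=TCP remoteport=443

rem DNS: UDP 53, plus TCP 53 for the less common case.
netsh advfirewall firewall add rule name="WiFi-DNS-UDP-out" dir=out action=allow protocol=UDP remoteport=53
netsh advfirewall firewall add rule name="WiFi-DNS-TCP-out" dir=out action=allow protocol=TCP remoteport=53

rem Optional: plain HTTP, for sites that start on port 80 before moving
rem to 443. Leave this rule out for a strict HTTPS-only policy.
netsh advfirewall firewall add rule name="WiFi-HTTP-out" dir=out action=allow protocol=TCP remoteport=80

rem No inbound allow rules are added: replies that belong to a connection
rem opened from this machine are admitted by the stateful firewall.

rem Allow rules that were already enabled still apply under a default-block
rem policy, so list the outbound rules and disable any that are not wanted.
netsh advfirewall firewall show rule name=all dir=out

rem Save the finished policy for the next time on public WiFi.
netsh advfirewall export "%USERPROFILE%\fw-public-wifi.wfw"
```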