Suddenly, *only with Firefox* all computers in the house show (Error code: ssl_error_rx_record_too_long) when trying to access any Google product.
Today, all laptops in the house (latest ver of FF) began throwing the error:
(Error code: ssl_error_rx_record_too_long)
When trying to access any Google products: gmail, Google+, analytics, Google website, etc
Gekose oplossing
Make sure to reset the security.tls.version.max pref to 1 if you have previously changed this pref to 0 to disable TLS 1.0
Lees dié antwoord in konteks 👍 6All Replies (20)
@umpiredice I don't know for sure if this is affecting Shaw or certain region of it only, but yes, I would like to use more secure connection if there is a better solution.
Also I think with this setting it's possible to run into other problems with servers that require TLS 1.0
By entering only IP address in address bar you are making unencrypted HTTP connection.
Gewysig op
Is anyone on the thread running OS X or Linux? If so, could you run the following from your terminal if you are still experiencing the issue:
echo -n | openssl s_client -state -nbio -connect www.google.ca:443 2> ~/ssl_err.txt 1> ~/ssl_out.txt
This will create two log files in your user/home directory called ssl_err.txt and ssl_out.txt which you can upload here.
Thanks in advance
From Maple Ridge:
Tracing route to www.google.ca [173.194.79.94] over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.0.1 2 * * * Request timed out. 3 11 ms 15 ms 15 ms rd3st-tge0-5-0-6-1.vc.shawcable.net [64.59.148.2
37]
4 19 ms 11 ms 11 ms rc2wh-tge0-13-0-0.vc.shawcable.net [66.163.69.89
]
5 15 ms 26 ms 15 ms rc3sc-tge0-10-0-31.wp.shawcable.net [66.163.76.1
50]
6 12 ms 13 ms 13 ms rx0wt-google.wa.shawcable.net [66.163.68.50] 7 14 ms 14 ms 12 ms 209.85.249.34 8 13 ms 13 ms 17 ms 66.249.94.201 9 20 ms 21 ms 19 ms 216.239.46.200 10 34 ms 19 ms 23 ms 216.239.48.167 11 * * * Request timed out. 12 20 ms 29 ms 21 ms pb-in-f94.1e100.net [173.194.79.94]
Trace complete.
Google is currently making changes to their system for the upcoming upgrade to Android 4.4, Google+, Search Engine (Google Now) and Play store as well as some other systems. There is a possibility that this is somehow connected to that. I am able to connect to Gmail using thunderbird and to connect to youtube which is also a Google company. My main issues are Google search, Google+ and the Play Store. Also facebook
Gewysig op
I live in Mission and I am having the same issue. I am on Shaw and FF automatically updated and now there are a number of sites I cannot reach other than Facebook and Google.
In the following thread, a user reported that turning off TLS v1.0 support (using only the older SSL v3.0 protocol) works around the issue: firefox on Shaw Cable Internet cannot connect to google services such as gmail and google search.
Thank you @olwince, I have attached this information to a bug in Mozilla's bug tracker where we can investigate if this could have been avoided in Firefox. You can follow along in bug 935394.
I hope you were still having the problem when you collected the data, if not let me know.
@mnoorenberghe yes, still having problem and have not implemented workaround there.
Sorry to brake the bashing but I don't think it's shaw's fault
Take a look at this:
TLSv1 normal Client Hello from Firefox to Google server: http://pastebin.com/3q5PpHte
TLSv1 abnormal Server Hello from Google server to Firefox: http://pastebin.com/4HwhXThX
Just for refference:
TLSv1 normal Client Hello from Safari to Google server: http://pastebin.com/gq2Henyw
TLSv1 normal Server Hello from Google server to Safari: http://pastebin.com/K2vWHu8z
That info was captured with Wireshark
see the where it says "Ignored Unknown Record" in the "TLSv1 abnormal Server Hello from Google server to Firefox". That means that Wireshark didn't understand what the information that the server sent back in its hello. Why? because it's html for some reason... It's this html:
Somehow the google server is sending back html inside a TLSv1 Server Hello message, which is not supposed to happen.
So I didn't think it's Shaw's fault
-Maylard
Gewysig op
Having this problem, and also just noticed that none of the live streams on Twitch.tv are working either. Is this related? Is anyone else also experiencing this?
Thanks @maylard, that is very useful. Can you confirm the same html response is happening with www.facebook.com?
im still having the same problem! the error is showing up for google, and yes i do use shaw and im from surrey >.< any fix yet?
Yup, with facebook it's exactly the same ordeal with exactly the same out-of-place response html in the Server Hello.
Same with https://www.youtube.com/
-Maylard
Gewysig op
@maylard then whats the fix to this problem??? cause there seems to be some common thing we are all on shaw and in the lower mainland, i did some research and it was about some port 443 or something? so maybe it is on shaws end??
I'm in south Surrey with Shaw and have been trying to figure this out for hours. Now that I stumbled across this thread, I realize the problem is not specific to me -- that's reassuring.
The best I've been able to do so far is use a specific IP address -- the one for google.ca is http://173.194.113.55/
Thanks maylard for the capture. The question then is, why is Google responding strangely to Firefox only in some location?
@chapters Not much we can do except temporarily disable TLSv1 through the previous suggestion: set security.tls.version.max to 0
Maybe only Shaw customer's are experiencing it because they are getting redirected to the broken server? I dunno, I'm on the broken boat so I can't compare to what it's like on the working boat.
-Maylard
@maylard i dont know how to do that, yes im a noob when it comes to this kinda stuff, btw does the fix work on facebook, youtube, etc?
hoping both firefox and shaw will have the problem fixed by tmr..
@chapters
- Open a new tab
- write about:config
- firefox will warn you about not making changes if you don't know what you're doing
- in the search box type TLS
- you should see "security.tls.version.max" and on the value column it will say a number (probably 1)
- change the value to 0
-Maylard
Gewysig op
@maylard THANKS!!! :D seems like everything is back to normal