This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

SSL peer reports incorrect Message Authentication Code (Error code: ssl_error_bad_mac_alert) after Firefox 36 Upgrade

  • 2 ŋuɖoɖowo
  • 2 masɔmasɔ sia le wosi
  • 9 views
  • Nuɖoɖo mlɔetɔ elm-

more options

When upgrading from Firefox 35 to 36 (Windows 8, 32 bit) I start getting "SSL peer reports incorrect Message Authentication Code (Error code: ssl_error_bad_mac_alert)" SSL errors on at least one website I use. (https://marketplace.ibmcloud.com).

The message only appears when I get redirected to the website again after a previous OpenID login (some more cookies are set). When I browse the website without authentication it works on the encryption without any issues.

None of [1] applied, I do not experience this problem with any other browser or the previous version of Firefox. It seems to be limited to the specific case. Clearing any kind of cache, enable / disabled the ssl3* mechanisms, did have zero effect.

Is there any other way to debug this or someone has an idea what changed with Firefox 36 to introduce this behavior? I downgraded back to 35 for now to work again.

[1] https://support.mozilla.org/en-US/questions/new/desktop/fix-problems/form?search=SSL+peer+reports+incorrect+Message+Authentication+Code+(Error+code%3A+ssl_error_bad_mac_alert)&step=aaq-question

When upgrading from Firefox 35 to 36 (Windows 8, 32 bit) I start getting "SSL peer reports incorrect Message Authentication Code (Error code: ssl_error_bad_mac_alert)" SSL errors on at least one website I use. (https://marketplace.ibmcloud.com). The message only appears when I get redirected to the website again after a previous OpenID login (some more cookies are set). When I browse the website without authentication it works on the encryption without any issues. None of [1] applied, I do not experience this problem with any other browser or the previous version of Firefox. It seems to be limited to the specific case. Clearing any kind of cache, enable / disabled the ssl3* mechanisms, did have zero effect. Is there any other way to debug this or someone has an idea what changed with Firefox 36 to introduce this behavior? I downgraded back to 35 for now to work again. [1] https://support.mozilla.org/en-US/questions/new/desktop/fix-problems/form?search=SSL+peer+reports+incorrect+Message+Authentication+Code+(Error+code%3A+ssl_error_bad_mac_alert)&step=aaq-question

All Replies (2)

more options

Please contact the SSO developer of the Ibm website as well. The error is normally from an encrypted message coming from a previous session.

guigs trɔe

more options

I created a ticket there as well for them to investigate, although knowing IBM I guess we know the answer already, if I hear anything from there I will let you know.

However, as the problem only occurs on the one version of Firefox as of right now, I'm inclined to role out potential server side issues as a reason and pass it to something within Firefox, or was there a change any encryption defaults that might force the server to switch to a different version or something that might have the bug?