This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Tëj nañu waxtaan wii ba denc ko. Yónneel yeneen laaj soo soxlaa ndimbal.

ssl_error_bad_mac_read error on credit card payment

  • 4 tontu
  • 30 am na jafe-jafe bii
  • 77 views
  • i mujjee tontu mooy manjit2970

more options

I'm trying to process a credit card payment for Norwegian Airlines. When taking me to the Verified by Visa page on my credit card account ( https://www.vpv.scddesjardins.com/ ) I get the secured connection failed page: "An error occurred during a connection to www.vpv.scddesjardins.com. SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read) " Their server seems to be still running SSL 3.0 and some other terrible things, but on another website I had this issue I got a different error message. Should I be contacting my credit card company, and if so what should I be asking them to do? I can't give a public page, obviously, and though I tried to test it on Chrome, they're charging me 7 EUR more for the flight on Chrome than Firefox (just another reason to use FF!).

I'm trying to process a credit card payment for Norwegian Airlines. When taking me to the Verified by Visa page on my credit card account ( https://www.vpv.scddesjardins.com/ ) I get the secured connection failed page: "An error occurred during a connection to www.vpv.scddesjardins.com. SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read) " Their server seems to be still running SSL 3.0 and some other terrible things, but on another website I had this issue I got a different error message. Should I be contacting my credit card company, and if so what should I be asking them to do? I can't give a public page, obviously, and though I tried to test it on Chrome, they're charging me 7 EUR more for the flight on Chrome than Firefox (just another reason to use FF!).

Saafara biñ tànn

Or maybe...

When I test that site in Chrome, it says the site uses TLS 1.0, an older version of the SSL standard that Firefox 37 no longer treats as secure. This is a change from Firefox 36.

You can make a site-specific exception for the problem server so Firefox allows TLS 1.0:

Here's how:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those. In this case: www.vpv.scddesjardins.com

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

When you reload that site, Firefox 37 should display the site (of course, I can't test without the full URL).

Jàng tontu lii ci fi mu bokk 👍 19

All Replies (4)

more options

The error code ssl_error_bad_mac_read is somewhat rare on this forum. Past solutions may have included (sometimes it's hard to tell which suggestion helped):

  • Disabling Firefox from using IPv6 (see that topic in: Firefox can't load websites but other browsers can)
  • Checking for a proxy setting in the Options dialog: "3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button -- try "No Proxy"
  • Fixing a flaky internet connection
  • Removing some extensions (e.g., MaskMe and an old version of DoNotTrackMe)
  • Bypassing the filtering software NetNanny
more options

Saafara yiñ Tànn

Or maybe...

When I test that site in Chrome, it says the site uses TLS 1.0, an older version of the SSL standard that Firefox 37 no longer treats as secure. This is a change from Firefox 36.

You can make a site-specific exception for the problem server so Firefox allows TLS 1.0:

Here's how:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those. In this case: www.vpv.scddesjardins.com

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

When you reload that site, Firefox 37 should display the site (of course, I can't test without the full URL).

more options

Thanks. I should say that while this workaround worked, I still yelled at the server owners for their woefully out of date and insecure server. If anyone sees this, they should not just apply the workaround and continue using insecure connections as if nothing happened, but get the administrator to update their technology by a decade or two.

more options

at security.tls.insecure_fallback_hosts preferences I added www.onlinesbi.com, made it OK, started again firefox and checked but the the error is same i.e

"An error occurred during a connection to www.onlinesbi.com. SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)
   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem."