SSL_ERROR_BAD_MAC_ALERT
A couple users at our site intermittently receive a SSL_ERROR_BAD_MAC_ALERT error when navigating to Google in Firefox. This happens in Version 99.0.1 (64-bit) on Windows 10 computers. When the issue occurs, users can navigate to other websites without issues. Navigating to Google in a different browser works no problem. Restarting the browser will resolve the issue. Clearing cookies and site data has no effect. Users can also refresh the page after some time and the issue will go away.
Any idea as to why this is happening?
Isisombulu esikhethiweyo
This could be a problem with the TLS 1.3 Early Data feature also known as Zero Round Trip Time Resumption (0rtt). You can try to set security.tls.enable_0rtt_data = false on the about:config page to disable this feature until this is fixed by Google or Mozilla to see if that helps.
See also:
- /questions/1376015 Issue with most Google sites on Firefox v100 64bit
All Replies (12)
Web Search: https://www.bing.com/search?q=SSL_ERROR_BAD_MAC_ALERT
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-firefox-did-not-connect
https://support.mozilla.org/en-US/kb/websites-dont-load-troubleshoot-and-fix-errors
You can check the connection settings.
- Settings -> General -> Network: Connection -> Settings
If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.
See "Firefox connection settings":
Unfortunately, none of the suggestions in those articles resolves the issue.
I'm also having this issue with more and more users... They are all work from home
We tried the following:
Cleared Cache & Cookies Refreshed Firefox Deleted the user's Mozilla Firefox folders from \AppData Re-installation of Firefox Tried to change windows DNS to Cloudflares and Google's Migrated to Firefox regular from DEV Firefox Disabled DNS Prefetching in Firefox Settings Disabled AV for one user Adding Website to a list of Insecure FallBack Hosts Power Cycling PC + Router/Modem
The only solution so far is to migrate the user to Chrome Browser instead
But we would rather avoid that if possible..
Ilungisiwe
I should clarify that I tried all of the solutions except for disabling AV (Sophos), which I cannot do. If you know of a different way to check if the AV software is causing the issue, I would be happy to try it.
The solution outlined here did temporarily resolve the issue:
https://superuser.com/questions/1280239/firefox-secure-connection-failed-ssl-error-bad-mac-alert
However, the issue is occurring today again. Interestingly, reverting that change temporarily resolved the issue again. So it seems that just changing that setting refreshes something to alleviate the issue, but then it will still come back after some time.
krisa15 said
If you know of a different way to check if the AV software is causing the issue . . .
Start your Computer in safe mode with network support. Then start Firefox. Try Secure websites. Is the problem still there?
Starting Any Computer In Safe Mode (web link) Free Online Encyclopedia
https://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/
https://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10/ +++++++++++++++++++++++++++++++++++++++++++++++ If the problem goes away with the computer in Safe Mode, the problem is with one of the other programs on the system.
As a test, disable your protection programs.
I can confirm that the issue does not occur is safe mode. I also, ran process monitor and do see Sophos performing operations on Firefox files when the issue is active.
It seems that updating any of the security.tls* parameters in Firefox will temporarily resolve the issue. I tested changing a few other random settings, but that did not resolve the issue. It seems that changing any of the security.tls* parameters clears some sort of cached information that might be corrupt.
Isisombululo esiKhethiweyo
This could be a problem with the TLS 1.3 Early Data feature also known as Zero Round Trip Time Resumption (0rtt). You can try to set security.tls.enable_0rtt_data = false on the about:config page to disable this feature until this is fixed by Google or Mozilla to see if that helps.
See also:
- /questions/1376015 Issue with most Google sites on Firefox v100 64bit
The issue has not occurred again since setting security.tls.enable_0rtt_data = false.
Thanks!
Same problem here. Disabling Sophos Intercept X Essentials (temporarily) solves the problem.
Other browser, Microsoft Edge, no problem at all.
Will try the the about:config suggestion.
I have the same issue on one (and only one) computer and I've only found the issue with google.com. A few searches (or a few pages of the one search) and the connection dies and I get the MAC error as per the OP. No other site is affected and flipping to another browser and google then works fine. The computer is win10 20H2 with the commercial version of windows security & with corp firewall & filters between me & the big bad internet. I'd tried numerous options posted elsewhere, but setting "security.tls.enable_0rtt_data" to false immediately fixed the problem without needing to restart FF. In contrast to some of the other comments, restarting FF did not fix the problem for me, the only fix was to wait a good 4-5 hours & suddenly I was able to access google again. Even rebooting the pc was no help.
One possibly relevant pre-existing FF tweak I use is to force google to use google.com and not google.com.au (I get a more useful search results from the former compared to the local version).
If you have Sophos installed it is the cause of the error. Set "security.tls.enable_0rtt_data" to "false". New zero round-trip TLS is broken by Sophos, need to tell Firefox to avoid it.
Details: https://bugzilla.mozilla.org/show_bug.cgi?id=1770742