为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

"An error occurred during a connection to www.youtube.com" because "client downgraded to a lower TLS version than the server supports". What?

  • 8 个回答
  • 125 人有此问题
  • 172 次查看
  • 最后回复者为 Doobleshaft

more options

On Fedora 20 with firefox-35.0-2.fc20.x86_64 (Build date: Tue 13 Jan 2015 13:47:48 CET)

Since very recently (like, yesterday - firefox was updated yesterday).

Connection to https://www.youtube.com fails because:

"An error occurred during a connection to www.youtube.com.

The server rejected the handshake because the client downgraded to a 
lower TLS version than the server supports. (Error code: ssl_error_inappropriate_fallback_alert) mozilla"

This is shown on redirection via youtu.be for example. Connection to the youtube front page fails after a minute of work.

Can I see the TLS protocol exchange somewhere?

From a Fedora 20 VM using firefox-34.0-1.fc20.x86_64, things work. Connection Encrypted: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 128 bit keys"

I also noticed on that connection to Microsoft OWA fails from time to time with no error warnings but with timeouts, which happens on no other machine. Suspicious.

On Fedora 20 with firefox-35.0-2.fc20.x86_64 (Build date: Tue 13 Jan 2015 13:47:48 CET) Since very recently (like, yesterday - firefox was updated yesterday). Connection to https://www.youtube.com fails because: "An error occurred during a connection to www.youtube.com. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. (Error code: ssl_error_inappropriate_fallback_alert) mozilla" This is shown on redirection via youtu.be for example. Connection to the youtube front page fails after a minute of work. Can I see the TLS protocol exchange somewhere? From a Fedora 20 VM using firefox-34.0-1.fc20.x86_64, things work. Connection Encrypted: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 128 bit keys" I also noticed on that connection to Microsoft OWA fails from time to time with no error warnings but with timeouts, which happens on no other machine. Suspicious.

被采纳的解决方案

Well, that's not going to work because this is a Fedora 20.

Also tried with add-ons disabled to no avail.

But you know what fixed it? Rebooting the whole system.

There seems to be something that gums up a long-running system, even with browser restarts in between. Note that running firefox from a VM on the gummed-up primary system does not exhibit the problem. Really weird.

定位到答案原位置 👍 5

所有回复 (8)

more options

Followup: it works intermittently though, but may take a LONG time to load. Tried with empty history and cached cleared with the "emptycache" addon, which does not help. If it works, then the TLS suite is "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 128 bit keys" (come on Mozilla, this string should be copyable, not a bitmap...)

more options

Also tried with NoScript disabled. Doesn't work any better. You can actually see the youtube front page sometimes getting stuck in a half-formatted mode. Maybe it really is Google and it's just the error message that is wrong.

more options

can you check in about:config that all the settings starting with security.ssl/tls are on their default value (=not shown in bold)?

more options

Looks like all is at the default except the [keyupdatetime]

The YouTube situation is unchanged. Also tried to connect to "https://www.google.de" -- The initial connection is superslow but after that zoom around works nicely.

more options

Tried to gradually downgrade the TLS protocol to SSLv3 (which is vulnerable to Poodle of course) according to

Security.tls.version.(min|max)

Originally at

security.tls.version.max = 3 ("TLS 1.2 is the maximum supported") security.tls.version.min = 1 ("TLS 1.0 is the minimum required")

Then set

security.tls.version.min = 0 ("SSLv3 is the minimum required")

And reduced

security.tls.version.max

from 3 to 0.

Basically to no avail, forcing to SSLv3 using (0,0) didn't help (except that LastPass complains that it cannot connect to the server, which is as it should be)

With (3,1) got the downgrade error again.

Set to (3,3) instead. Loading the YouTube front page takes practically exactly 100s with ~0 traffic on the interface, but it loads.

Forcing TLS 1.2 is interesting in its own right. Amazon Web Services doesn't work with that. MUAH!!

Could it be that a slow/unresponsive YouTube causes the browser to complain about the TLS negotiation?

由DasBughunter于修改

more options

Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) as a test.

more options

选择的解决方案

Well, that's not going to work because this is a Fedora 20.

Also tried with add-ons disabled to no avail.

But you know what fixed it? Rebooting the whole system.

There seems to be something that gums up a long-running system, even with browser restarts in between. Note that running firefox from a VM on the gummed-up primary system does not exhibit the problem. Really weird.

more options

DasBughunter said

Tried to gradually downgrade the TLS protocol to SSLv3 (which is vulnerable to Poodle of course) according to Security.tls.version.(min|max) Originally at security.tls.version.max = 3 ("TLS 1.2 is the maximum supported") security.tls.version.min = 1 ("TLS 1.0 is the minimum required") Then set security.tls.version.min = 0 ("SSLv3 is the minimum required") And reduced security.tls.version.max from 3 to 0. Basically to no avail, forcing to SSLv3 using (0,0) didn't help (except that LastPass complains that it cannot connect to the server, which is as it should be) With (3,1) got the downgrade error again. Set to (3,3) instead. Loading the YouTube front page takes practically exactly 100s with ~0 traffic on the interface, but it loads. Forcing TLS 1.2 is interesting in its own right. Amazon Web Services doesn't work with that. MUAH!! Could it be that a slow/unresponsive YouTube causes the browser to complain about the TLS negotiation?

I've been having problems with secure sites for a few weeks and I've tried on all affected computers removing all traces of Firefox and installing with no addons and still this problem happened.

This information though was the trigger to find the fix. I found that the default values had been changed so I have set the following which appeared to be default:

security.tls.version.max;3 security.tls.version.min;1

Not sure why they were changed apart from just one possible cause. I use BitDefender Internet Security and maybe this changed the security settings here? It does prompt for Firefox to be closed for a setting to be changed. All other browsers worked perfectly though so it is Firefox specific.

Now I'm wondering if I test on Ubuntu or Fedora will the same issue occur with the latest Firefox as it hasn't happened before 35.0.1