Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Sab' on June 16, 2018, 01:14:51 AM

Title: Reporting a minor bug with firefox, broken SSL connexions
Post by: Sab' on June 16, 2018, 01:14:51 AM
Greetings,

I'm not sure this is a duplicate of https://forum.avast.com/index.php?topic=219358.0 or a different issue, so to avoid thread hijacking, I'm creating a new discussion.

Simply, I'm coming to report a bug that's been afflicting my computer for like two weeks now, I think.
- httpS websites stop loading, connexion not secure, certificate not valid, etcetera
- disabling all Avast agents and re-enabling them fixes the problem (done with a right-click in the system tray icon)
- no idea if it's only with Firefox, but I always forget to test with other browsers when it happens
- it happens approximately once a day for me

Details: windows 10 latest big public version (honestly, no idea, but it's the one everyone allowing windows update has), French version, Home version, PC, intel I3. Connexion: Orange, France, fiber connexion. Avast Free 18.4.2338 build 18.4.389 5.327.

It's NOT a support question, as disabling/reenabling the antivirus agents does the job.
Simply, I thought it might be appreciated to submit a report, in case it helps or people with the same problem find my thread after a web search and read the solution :)

Good day everyone!
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: mchain on June 16, 2018, 06:24:17 AM
What version if firefox?
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: boombastik on June 16, 2018, 12:22:43 PM
With firefox 61 many https connections are broken. In 10 days will be the final release.
When i disable avast sites opens normally.
The error with all avast sheilds is:  Error code: SSL_ERROR_RX_RECORD_TOO_LONG

windows 10 64bit 1803 latest update/

This problem exist with Mozilla.

I found for mozilla to work properly i need to to go in avast web shield options and UN-tick enable scan HTTPS connections.
Mozilla 61 enabled ssl 1.3 i don't know if its the problem.

example sites that dont work every time with https scanning:
-https://eztv.ag/
-https://uploadfiles.io/


these sites open instanly without https scaning
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: Sheppysneik on June 16, 2018, 05:31:45 PM
i have the same problem, it started days ago. i'm using mozilla firefox developer edition 61.0b14 on windows 10 home 64 bit. If i close and restart the browser or wipe the cache sometimes the page will load properly. Disabling the https scan solved the issue.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: alanb on June 17, 2018, 01:20:41 PM
A solution in Firefox 61 (beta, at the moment) is to go to about:config and change security.tls.version.max from 4 to 3.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: boombastik on June 17, 2018, 11:53:28 PM
This bug exist also in stable 60.0.2 firefox that enabled tls 1.3
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: alanb on June 18, 2018, 11:36:37 AM
Hmmm.  I don't have any issues in stable 60.0.2 with TLS 1.3 enabled (ie. security.tls.version.max is 4).
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: Sab' on June 18, 2018, 11:38:55 AM
What version if firefox?

60.0.2 (64 bits)

I took a screenshot: https://imgur.com/a/mNU77rT
And I confirm it only does it with Firefox.
Fortunately, disabling and re-enabling Avast agents fixes the issue.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: alanb on June 18, 2018, 02:57:37 PM
It does seem to be affecting a lot of Firefox users lately.

Instead of repeatedly disabling and re-enabling Avast shields, in Firefox about:config try setting
security.enterprise_roots.enabled to true.

You can always set it back to false if it doesn't help.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: Sab' on June 24, 2018, 11:50:24 PM
It does seem to be affecting a lot of Firefox users lately.

Instead of repeatedly disabling and re-enabling Avast shields, in Firefox about:config try setting
security.enterprise_roots.enabled to true.

You can always set it back to false if it doesn't help.

I've had two SSL cutouts in less than ten minutes, which reminded me to check if there had been no new replies in the Avast forum :D

I'll be gladly testing your suggestion, Alanb, thanks :)
(I'll report in a few days, or more - depending on when I remember  ;D )
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: Sab' on June 26, 2018, 09:52:00 AM
Allright, some form of follow-up :)

With security.enterprise_roots.enabled set to true, my Firefox had an odd issue, it was requesting its Master password immediately upon startup... But in doing so, it was causing the program to hang up 9 times out of 10, probably because I configured Firefox to load five sites at startup. (If someone has the issue, the solution to said problem is for me to right-click the browser's shortcut and ask it to start a new tab, OR a private navigation tab, it crashes less when the browser doesn't attempt to load five websites at once)

So, I had to disable security.enterprise_roots.enabled, and deal again with the occasional SSL breaking caused by Avast. Too bad, really, because it worked, the problem had stopped for me, I was getting used to not having to disable/reenable Avast agents.

Moreover, turning security.enterprise_roots.enabled on and off again had an unexpected side effect, I document it in case other people come here after a web search, it made some https websites (not all: Facebook, twitter and Avast forum, but not Google) stop working anymore, certificate unknown.
I had to manually search for my cert8.db and cert9.db files in the root of my firefox profile folder, and rename it to cert8.db.old and cert9.db.old, to force Firefox to reload from fresh the certificates information.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: vianello_85 on June 26, 2018, 08:47:27 PM
With firefox 61 many https connections are broken. In 10 days will be the final release.
When i disable avast sites opens normally.
The error with all avast sheilds is:  Error code: SSL_ERROR_RX_RECORD_TOO_LONG

I have the same problem with firefox 61 (updated just now) and avast 18.5.2342 - Windows 7 64 bit SP1
every now and then on the google.com website (referenced site) the error comes out: SSL_ERROR_RX_RECORD_TOO_LONG


I also noticed: Enabling HTTPS scanning of sites the google.com site taken as a reference negotiates in TLS 1.2
If disabled, the HTTPS scan negotiates in TLS 1.3

I have referenced your guide who is here.
https://support.avast.com/en-en/article/189/
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: mchain on June 27, 2018, 01:12:10 AM
Updated Firefox to version 61.0, no issues.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: xppxzqq on June 27, 2018, 05:10:43 AM
Same here on Firefox 61.0 (64-bits). Many sites like Gmail throw an SSL_ERROR_RX_RECORD_TOO_LONG error
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: Rowan Boatman on June 27, 2018, 06:28:47 AM
Firefox updated to 61.0 and now I'm getting this also when I try search google.

https://i.imgur.com/7yqaVTR.png

If I do it 2 or 3 times it will eventually work, but the initial load of the first one that works is slow.

Please advise :)

*edit*
Whoops, forgot to add per this post...
https://www.reddit.com/r/firefox/comments/8u4xia/most_recent_firefox_update_makes_so_many_webpage/
Obviously turning off https scanning stops it happening, but I'm not really comfortable leaving that off, the other solution in there i'm not sure about and would prefer some more solid advice on what to do :)
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: boombastik on June 27, 2018, 10:28:19 AM
Updated Firefox to version 61.0, no issues.

I gave links that have the problem do u tried them?
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: Rowan Boatman on June 27, 2018, 12:38:35 PM
I see here...
https://bugzilla.mozilla.org/show_bug.cgi?id=1468892#c31
There is someone claiming to be from Avast advising of a potential fix in a couple days time after testing.

If this is so we should be sweet :)

As a quick side note...interestingly, my mates machine which is basically identical to mine has no issue at all, I wonder why this is :o
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: alanb on June 27, 2018, 02:17:10 PM
As a workaround in the interim, in about:config, set security.tls.version.max to 3.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: The Sniggler on June 27, 2018, 02:57:59 PM
Updated to Firefox 61 today, cannot usually get onto Google. When I can access Google, long delay in loading.
Sometimes, when clicking on a bookmarked site, I see that Firefox waits for Google?? and then no connection!
No problems in earlier versions of Firefox.
FYI
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: The Sniggler on June 27, 2018, 03:54:36 PM
As a workaround in the interim, in about:config, set security.tls.version.max to 3.

Works so far.. thanks!
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: vianello_85 on June 28, 2018, 08:52:15 AM
I hope to release the fix as soon as possible, also considering what has been written before (1 or 2 days).
It would be interesting to know if this fix will be avast side, invisible to the end user, or it will be necessary to update the current version?

I am aware of the workaround, but with all the tests done, still find the word connection failed on sites (still few but very used) that use tls 1.3, the currently most secure version, and having to update the page every time until it detects tls 1.2 is not pleasant.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: The Sniggler on June 28, 2018, 01:41:28 PM
I hope to release the fix as soon as possible, also considering what has been written before (1 or 2 days). It would be interesting to know if this fix will be avast side, invisible to the end user, or it will be necessary to update the current version? I am aware of the workaround, but with all the tests done, still find the word connection failed on sites (still few but very used) that use tls 1.3, the currently most secure version, and having to update the page every time until it detects tls 1.2 is not pleasant.

Thanks for update. I used the fix on one machine so I can access Google, but left the other machine alone to monitor the status.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: suk on June 28, 2018, 06:22:43 PM
Should be fixed - see https://forum.avast.com/index.php?topic=220060.msg1467311#msg1467311
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: vianello_85 on June 28, 2018, 06:49:27 PM
I confirm, problem solved, support tls 1.3, there is no more error
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: The Sniggler on June 28, 2018, 07:57:15 PM
I confirm, problem solved, support tls 1.3, there is no more error
Fixed here, too.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: mchain on June 28, 2018, 09:11:01 PM
@ boombastik,

No, sorry no issues.  I did miss the two sites you posted tho and did not test them.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: Martin00 on June 28, 2018, 10:40:42 PM
Any idea when that will be fixed?
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: Gopher John on June 28, 2018, 11:09:34 PM
Virus Definitions 180628-8 fixes the TLS 1.3 issue.  You should have it by now.
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: Rowan Boatman on June 28, 2018, 11:13:54 PM
Just test my machine and it now appears to be fixed, thank you very much :)
Title: Re: Reporting a minor bug with firefox, broken SSL connexions
Post by: Sab' on June 30, 2018, 05:26:49 PM
Ah, bummer, in the meantime I gave up (too many ssl breakages per day) and uninstalled Avast, switching to Windows Defender.