Get a Secure Connection Error on some sites

tlsvpn

I am using Firefox version 37.0.2 with an ethernet connection at a university in Bangkok. I consider the university a network a hostile environment as the majority of the computers on this network are running counterfeit versions of Windows, and I have seen a lot of viruses on them.

When I try to visit https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx (and other secure pages on microsoft.com), I get this error:

Firefox Error: Secure Connection Failed

Secure Connection Failed
The connection to the server was reset while the page was loading.

Notes:

  • I get no error when visiting the same url using Google Chrome v42.0.2311.135 or with Microsoft Internet Explorer v11.0.96
  • If I connect to the Internet through a VPN (CyberGhost), I don't get the error at all.
  • I have never added my university's security certificate to my Windows trusted store. I have checked certmgr and cannot see anything related to my university.

I would be really grateful if anyone can answer:

  • Why only Firefox?
  • Why does using a VPN fix it?
  • If I don't trust the university network, would I be safer doing all my web browsing through a trusted VPN?

Best Answer

  • The last FF update messed with my settings. Deleted my homepage, some stored certificates, and it might have even messed with some config information.

    My guess is the university network does a MitM of your TLS connections which isn't uncommon for larger organizations. And the last FF update deleted the stored certificate for the university.

    1. It's only on Firefox because the last update seriously messed with some stuff. As @Ramhound pointed out Firefox uses its own certificate store while Chrome and IE use the OS's certificate store for the user. If Firefox decided to reset a lot of its configuration then any user added certificates could have been removed.
    2. The VPN fixes it because it most likely bypasses their TLS MitM. Although why they allow VPNs at all might be a counter argument to this point.
    3. If you don't trust the university network using a trusted VPN would be a better solution in general.

    As a solution I would look at your Chrome trusted certificates and see if any are installed that relate to your university. Check to see if that certificate(s) are installed in Firefox.