搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Firefox-only connection problems with some SSL sites network-wide

  • 3 回覆
  • 11 有這個問題
  • 1 次檢視
  • 最近回覆由 gohanman

more options

I recently starting experiencing problems with sites not loading in Firefox with the error "Connection was interrupted". I've consistently seen this problem trying to load accounts.google.com. The problem exists in both versions 3.6.26 (OS X 10.4 latest available) and 10.0.1 (Windows XP/7/server2k3). In every single case, other browsers on the same system (Safari, various IE versions) can load the same URLs just fine.

I've already verified no proxy (FF and working browsers, all OSes), disabled ipv6 and preteching in network.dns, disabled all add-ons, deleted existing profiles, cleared cache, and cleared recent history. Existing articles suggest disabling DNS prefetch,

I recently starting experiencing problems with sites not loading in Firefox with the error "Connection was interrupted". I've consistently seen this problem trying to load accounts.google.com. The problem exists in both versions 3.6.26 (OS X 10.4 latest available) and 10.0.1 (Windows XP/7/server2k3). In every single case, other browsers on the same system (Safari, various IE versions) can load the same URLs just fine. I've already verified no proxy (FF and working browsers, all OSes), disabled ipv6 and preteching in network.dns, disabled all add-ons, deleted existing profiles, cleared cache, and cleared recent history. Existing articles suggest disabling DNS prefetch,

所有回覆 (3)

more options

Follow up: if I pass connections through a Fiddler proxy Firefox (10.0.1, connection fails) issues repeated ocsp requests to ocsp.thawte.com. These requests all get an HTTP 502 back. IE (8, connection works) does not issue a similar request.

more options

Do you have a specific OCSP server set or aborting when validation fails?

Check the OCSP settings:

  • Firefox > Preferences > Advanced > Encryption: Certificates: Validation
  • [ ] "When an OCSP server connection fails, treat the certificate as invalid"

See also:

more options

Nope. Settings are default as far as I can tell. Validate a certificate if it specifies an OCSP server is selected, connection-fails-invalid is not checked.

I resolved the issue after talking to my ISP - there was a DNS caching issue and I was getting an invalid IP for ocsp.thawte.com - but the behavior seems buggy. The OCSP server connection WAS failing (with a timeout) and per Fiddler FF just keeps issuing repeat OCSP requests before eventually giving up with the interrupted connection error. The "When an OCSP server connection fails" option doesn't seem to do what it says in this case; prior to getting the DNS issue fixed the only solution was to disable OCSP completely.

Perhaps the problem is that the OCSP connection timed out rather than being refused or unresolvable, but recognizing multiple timeouts as a connection failure might be more user-friendly.