If Firefox on your Mac suddenly refuses to load one or more websites and shows Secure Connection Failed (often with SSL_ERROR_RX_RECORD_TOO_LONG or PR_END_OF_FILE_ERROR), it usually means the encrypted connection is being interrupted or “translated” somewhere between Firefox and the site.

Split padlock over network cable symbolizing broken secure connection

These steps focus on the most common culprits on macOS: VPNs, proxies, DNS, captive portals, and security tools that inspect HTTPS.

1. Confirm it’s not just one site (try a few known HTTPS sites)

Before changing anything, check whether this is site-specific or network-wide.

  • Try opening 2–3 sites you trust that are definitely HTTPS (for example: a major news site, your bank’s homepage, or a big search engine).
  • If only one site fails, the issue may be that site’s TLS configuration, your local cache, or a content filter rule.
  • If many sites fail, treat it as a network/VPN/DNS/proxy problem and continue.

2. Disable VPN, security filters, and “HTTPS scanning” temporarily

Many “Secure Connection Failed” errors on macOS come from tools that intercept encrypted traffic (VPN apps, antivirus web shields, parental controls, or corporate security agents). They can present a certificate Firefox doesn’t accept, or they can break the TLS handshake entirely.

Shield and toggle switch showing VPN or filter turned off

  • Turn off your VPN app completely (not just “disconnect” if it still runs a filter).
  • If you have antivirus or network protection installed, look for settings like HTTPS scanning, SSL inspection, or Web Shield and disable temporarily.
  • If you’re on a work/school Mac, a managed security agent may be required. In that case, note the error code and contact your admin rather than removing it.

After disabling, quit and reopen Firefox, then try the site again.

3. Check macOS proxy settings (a stale proxy can break TLS)

A leftover proxy (common after using corporate Wi‑Fi, debugging tools, or certain VPNs) can cause TLS errors that look like the website is at fault.

  • Open System Settings (or System Preferences) > Network.
  • Select your active connection (Wi‑Fi or Ethernet) > Details (or Advanced) > Proxies.
  • If anything is enabled and you don’t explicitly use it, turn it off (especially Web Proxy (HTTP) and Secure Web Proxy (HTTPS)).

Reconnect to the network (toggle Wi‑Fi off/on) and retry.

4. Rule out a captive portal or “sign in to Wi‑Fi” page

Hotel, airport, cafe, and even some office networks require a sign-in page. If the portal is half-triggered, Firefox may hit a redirect loop or broken TLS path and show a secure connection error instead of the login page.

  • Open macOS Wi‑Fi and look for a “Sign In” prompt.
  • Try visiting a non-HTTPS page that commonly triggers portals (for example, http://neverssl.com).
  • If you see a portal, complete it, then reload your original site.

One quick test: switch to a phone hotspot. If everything works there, your current network is the cause.

5. Change DNS (or flush it) to fix bad resolution paths

DNS problems can send you to the wrong IP or a filtering endpoint that doesn’t properly support TLS, which then shows up as PR_END_OF_FILE_ERROR or other handshake failures.

Servers and reroute arrow representing switching DNS providers

  • In System Settings > Network > your connection > Details > DNS, add a public DNS like 1.1.1.1 and 1.0.0.1 (Cloudflare) or 8.8.8.8 and 8.8.4.4 (Google).
  • Remove unfamiliar DNS entries you didn’t set (common with ad blockers or old VPN profiles).
  • After changing DNS, disconnect/reconnect Wi‑Fi and retry in Firefox.

If you use a custom DNS for a reason (work, filtering), note your original values so you can restore them.

6. Clear Firefox site data for the failing domain (and test in a Private Window)

If the problem is isolated to one site, clearing that site’s data can remove stale HSTS/cookies/cached redirects that keep forcing a bad connection pattern.

  • Try the site in a Private Window first (File > New Private Window).
  • If Private works, go to Firefox Settings > Privacy & Security > Cookies and Site Data > Manage Data.
  • Search the domain, remove it, then reload the site.

This won’t fix a broken network path, but it’s a clean way to rule out local site state.

7. Check the system date/time and remove suspicious certificates (carefully)

Incorrect time can make certificates look expired or “not yet valid,” and certain filtering tools install root certificates that can confuse or break validation.

  • Go to macOS System Settings > General > Date & Time and enable Set time automatically.
  • Open Keychain Access, and look under System and Login for certificates installed by VPN/security/filtering tools you no longer use.
  • If you’re not sure, don’t delete certificates blindly. A safer move is to uninstall the related app properly, then restart.

If the Mac is managed (MDM), certificate policies may be enforced—again, that’s an admin fix.

Final thoughts

On macOS, “Secure Connection Failed” in Firefox is usually caused by something in the network chain (VPN/proxy/DNS/captive portal) rather than Firefox itself.

If steps 2–5 don’t change anything, try another network (phone hotspot). That one test often tells you whether to keep debugging Firefox or focus on the current Wi‑Fi/router.