Technical Tip : 'SSL_BAD_MAC_ERROR_READ' Firefox browser error when deep-inspection is enabled

Whenever a (TLS 1.3) website is accessed for the very first time, an error code: 'SSL_ERROR_BAD_MAC_READ' in Firefox browser may be encountered. With further details saying that, 'An error occurred during a connection to <website URL>. SSL received a record with an incorrect Message Authentication Code.'.

A simple refresh of the webpage will load the website completely with no issue. The error is due to the TLS 1.3 session failing after certificate verification. 

IPS debug output:

[39079441,369]: [INFO] HANDSHAKE message: type=COMPRESSED_CERT(25), len=2303
[39079442,369]: [INFO] cert decompressed, size: 2770
[39079442,369]: [DBG] skip extensions, data left: 1839
[39079442,369]: [DBG] cert extension size: 717
[39079448,369]: [DBG] skip extensions, data left: 2
[39079448,369]: [DBG] cert extension size: 0
[39079451,369]: [DBG] keep detect when ssl hello valid
[39079451,369]: [ERROR] process_record returned -1

If the issue is encountered, the IPS engine must be updated to a recent build.  IPS engines that fixed the issue have been released in the following FortiOS versions.

Upgrade to these versions for a fix:

• v7.2.12.
• v7.4.8.
• v7.6.3.