Technical Tip : 'SSL_BAD_MAC_ERROR_READ' Firefox browser error when deep-inspection is enabled

pdelapena · ‎04-22-2025

Description

This article describes the error 'SSL_BAD_MAC_ERROR_READ' being encountered in the Firefox browser whenever deep-packet inspection is enabled.

Scope

FortiGate v7.2, v7.4, and v7.6

Solution

Whenever a (TLS 1.3) website is accessed for the very first time, an error code: 'SSL_ERROR_BAD_MAC_READ' in Firefox browser may be encountered. With further details saying that, 'An error occurred during a connection to <website URL>. SSL received a record with an incorrect Message Authentication Code.'.

A simple refresh of the webpage will load the website completely with no issue. The error is due to the TLS 1.3 session failing after certificate verification.

IPS debug output:

[39079441,369]: [INFO] HANDSHAKE message: type=COMPRESSED_CERT(25), len=2303
[39079442,369]: [INFO] cert decompressed, size: 2770
[39079442,369]: [DBG] skip extensions, data left: 1839
[39079442,369]: [DBG] cert extension size: 717
[39079448,369]: [DBG] skip extensions, data left: 2
[39079448,369]: [DBG] cert extension size: 0
[39079451,369]: [DBG] keep detect when ssl hello valid
[39079451,369]: [ERROR] process_record returned -1

If the issue is encountered, the IPS engine must be updated to a recent build. IPS engines that fixed the issue have been released in the following FortiOS versions.

Upgrade to these versions for a fix:

v7.2.12.
v7.4.8.
v7.6.3.

Technical Tip : 'SSL_BAD_MAC_ERROR_READ' Firefox browser error when deep-inspection is enabled

You are leaving our website