ERR_SSL_PROTOCOL_ERROR on an existing app?

We have been up and running for months with our Auth0 setup, but yesterday we lost the ability to sign in to our site with Auth0.

In multiple browsers, on multiple devices, we’re getting

This site can’t provide a secure connection
**oursiteeurl.us.auth0.com** sent an invalid response

Trying to test in the Auth0 website gives us the same result. I’m not sure how to troubleshoot this, it looks like an Auth0 issue from our side, but there aren’t any errors in any logs that I can find.

1 Like

Firefox reports the error as “SSL_ERROR_RX_RECORD_TOO_LONG”, if that’s helpful.

1 Like

Multiple devices is safe way

Hey @paulnakata ,

Which client you are using to make login requests to Auth0?
Are you using TLS v1.2 and above SSL protocol for making requests?

Regards,
Sidharth

2 Likes

@sidharth.chaudhary we use the Auth0 login box. If I log in to the Auth0 portal, click “Getting Started”, then click “Try it out” under “Try your login box”, I get the same error.

We redirect from our website to Auth0 for social login. If you go there and click “Log in” or “Try it Free” you’ll see the same behavior.

2 Likes

This ended up being an issue with XFinity. For some reason, they began blocking our Auth0 subdomain. Sorry for the noise!

In case someone finds this via a search in the future: the issue is with Xfinity “xFI Advanced Security”. There is no way to whitelist domains, so you will have to turn it off completely. I followed these steps from the Xfinity mobile app to disable it: Using Xfinity xFi Advanced Security - Xfinity Support

2 Likes

Thanks for letting us know!

1 Like

If you have any other questions down the road, let us know!

When a browser shows the Err_ssl_protocol_error, it indicates the browser is no longer able to access or initiate the secured communication. There is no definite guide for managing this error. Follow given steps to resolve this error from Client side:

  • Try correcting the system date and time.
  • Try clearing Google Chrome browsing data.
  • Try clearing your SSL State.
  • Try disabling the QUIC Protocol.
  • Try checking your antivirus settings.
  • Try enabling all SSL/TLS versions.

Also, this error is because of the following server side problems:

  • Invalid SSL or SSL is untrusted (self-signed)
  • SSL Not installed properly
  • Old Technology or SSL/TLS version for encryption
1 Like

Thanks for sharing that with the rest of community!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.