What's new

“ERR_CONNECTION_RESET” or “Secure Connection Failed" on some websites via https

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

wyu177

New Around Here
I'm hoping someone could help me out, I’m having a very strange issue with my Asus ac56u running Merlin 378.55. There are a few websites using https that I can't connect to, instead i get “ERR_CONNECTION_RESET” in chrome and in firefox it shows up as:

“Secure Connection Failed
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.”

The issue itself doesn’t seem specific to the Merlin firmware since I’ve also tried the latest Asus factory default firmware with the same results.

When using my old router (Cisco E4200) or directly connected to my cable modem the website comes up without any issues

Here are other steps I have taken to resolve the issue without luck:

-few different browsers and computers
-turned off my cable modem and router for 10-15 minutes
-factory default cable modem and router
-changing dns to opendns or googledns
-putting machine on DMZ
-adjusting MTU size
-checking system connection logs in which the connection shows up as “drop”
-setting IPv6 connection type to “Native”
-setting IPv6 enable router advertisement to “disable”
-adjusting TCP/IP settings with longer timeout settings
-setting a Port trigger for port 443

I’ve done a traceroute, but don’t really see anything out of the ordinary :

traceroute to bob.pausd.org (199.80.254.71), 30 hops max, 38 byte packets
1 c-98-xxx-xxx-x.hsd1.ca.comcast.net (98.xxx.xxx.x) 8.093 ms 9.122 ms 11.334 ms
2 te-8-3-ur01.fremontcev1.ca.sfba.comcast.net (68.85.216.185) 7.874 ms 7.900 ms 8.796 ms
3 te-0-7-0-13-sur03.fremont.ca.sfba.comcast.net (68.87.192.65) 9.384 ms 8.526 ms 8.187 ms
4 he-0-14-0-1-ar01.santaclara.ca.sfba.comcast.net (68.85.57.29) 9.499 ms 11.270 ms 9.376 ms
5 * * *
6 he-0-11-0-0-pe02.529bryant.ca.ibone.comcast.net (68.86.86.70) 10.102 ms he-0-10-0-0-pe02.529bryant.ca.ibone.comcast.net (68.86.86.26) 10.144 ms he-0-10-0-1-pe02.529bryant.ca.ibone.comcast.net (68.86.86.30) 9.907 ms
7 173.167.56.62 (173.167.56.62) 10.877 ms 10.017 ms 10.242 ms
8 int-0-1-0-1.r1.pao1.isc.org (149.20.65.22) 14.522 ms 9.965 ms int-0-1-0-0.r1.pao1.isc.org (149.20.65.20) 10.153 ms
9 int-0-1-0-23-40.r1.pao1.isc.org (149.20.0.162) 10.997 ms 10.058 ms 12.234 ms
10 * * *
11 * * *

I’ve run out of ideas and am considering buying a new router to replace this one. I’m hoping someone can give me any tips or suggestions as for next steps?
 
Check your computer clock. Incorrect time will cause SSL to fail.

Sent from my Nexus 4 using Tapatalk
 
Check your computer clock. Incorrect time will cause SSL to fail.

Sent from my Nexus 4 using Tapatalk

Thanks for the reply.
Forgot to mention that I checked the date andtime on all computers tried as well as the date and time on the router and cable modem. Cable modem was 1 hour off, but I've been told its normal.
 
Last edited:
Check your computer clock. Incorrect time will cause SSL to fail.

Sent from my Nexus 4 using Tapatalk

That's one thing, but generally what I've found is that this is a server issue, and one related to clouds and CDN's where things get out of sync and the SSL connection fails...

See RFC5746 - Transport Layer Security (TLS) Renegotiation Indication Extension

https://tools.ietf.org/html/rfc5746
 
That's one thing, but generally what I've found is that this is a server issue, and one related to clouds and CDN's where things get out of sync and the SSL connection fails...

And this is happening quite a bit lately as the big CableCO's are changing peer relationships between themselves, and then you have CDN's like Akamai/Level3 (and others) plus App providers like CloudFlare - SSL can be a serious pain in the A$5...
 
Thanks for the input. The thing that baffles me is why does it work when using my old Cisco router or straight to the cable modem? Is there some strict policy on the asus modem causing the dropped connection?
 
Thanks for the input. The thing that baffles me is why does it work when using my old Cisco router or straight to the cable modem? Is there some strict policy on the asus modem causing the dropped connection?

it's probably not your router...
 
Thanks for the input. The thing that baffles me is why does it work when using my old Cisco router or straight to the cable modem? Is there some strict policy on the asus modem causing the dropped connection?

Check to see if you get the same WAN IP under your old router as you do with the new one. If not, spoof the MAC address of your old into your new one and report back (Assuming you can set the WAN MAC on Merlin's AsusWRT version).

Edit: Looks like you can set the MAC address in Merlin (at least in John's fork so I assume the same for Merlin).
 
Check to see if you get the same WAN IP under your old router as you do with the new one. If not, spoof the MAC address of your old into your new one and report back (Assuming you can set the WAN MAC on Merlin's AsusWRT version).

Edit: Looks like you can set the MAC address in Merlin (at least in John's fork so I assume the same for Merlin).

yes, it looks like the wan IP does not change. I did spoof the IP address just to see if it would make a difference, but it does not. Thanks
 
yes, it looks like the wan IP does not change. I did spoof the IP address just to see if it would make a difference, but it does not. Thanks

Thanks for checking. The reason that I asked was that I had something similar happen when switching routers about 6 months ago and come to find out, the WAN IP changed between routers. From some reason, the old one worked well and the new one not. Once I spoofed the MAC address, it fixed it.

:(

Sorry about that....
 
MTU can cause this. might want to statically set it and test. try 1440 via netsh. Check router mtu as well.
 
Check to see if you get the same WAN IP under your old router as you do with the new one. If not, spoof the MAC address of your old into your new one and report back (Assuming you can set the WAN MAC on Merlin's AsusWRT version).

Edit: Looks like you can set the MAC address in Merlin (at least in John's fork so I assume the same for Merlin).


For Sxxx and Giggles, I spoofed yet another MAC address of another machine I have in the house forcing yet another IP address renew from Comcast. Guess what? it works! Such a strange issue!

You can't imagine how long i've been struggling with this that I'd like to "buy you a beer"! -Please PM me your paypal address.

Thanks everyone else for the suggestions. Problem was solved. It was some strange issue with the Ip address that Comcast was issuing me.
 
For Sxxx and Giggles, I spoofed yet another MAC address of another machine I have in the house forcing yet another IP address renew from Comcast. Guess what? it works! Such a strange issue!

You can't imagine how long i've been struggling with this that I'd like to "buy you a beer"! -Please PM me your paypal address.

Thanks everyone else for the suggestions. Problem was solved. It was some strange issue with the Ip address that Comcast was issuing me.

Glad you got it going! :D

If you want to donate something, send to Merlin, John, or the many other developers who keep these great firmwares moving forward. All I did was pass on a tip that from one of them from months ago that had my mind blown. The IP generated caused a different route within the network (Comcast in your case - TWC in mine) and that was enough to cause pages to hang, etc. Not sure if it was on the ISP end or the end website end (i.e. many larger websites will have different servers to serve the same pages - and the closest one to your ISP is used).

:beer:

Edit: By the way, the first time you spoofed the MAC and it didn't work, you were spoofing the MAC address of the older CISCO router (that works) to the Asus router, correct?

Edit #2: Keep in mind that Comcast may eventually change your IP back. Not sure why Comcast (or in my case, TWC) even give different IP addresses based on the connecting MAC address. Very strange issue indeed.
 
Last edited:
Glad you got it going! :D

If you want to donate something, send to Merlin, John, or the many other developers who keep these great firmwares moving forward. All I did was pass on a tip that from one of them from months ago that had my mind blown. The IP generated caused a different route within the network (Comcast in your case - TWC in mine) and that was enough to cause pages to hang, etc. Not sure if it was on the ISP end or the end website end (i.e. many larger websites will have different servers to serve the same pages - and the closest one to your ISP is used).

:beer:

Edit: By the way, the first time you spoofed the MAC and it didn't work, you were spoofing the MAC address of the older CISCO router (that works) to the Asus router, correct?

Edit #2: Keep in mind that Comcast may eventually change your IP back. Not sure why Comcast (or in my case, TWC) even give different IP addresses based on the connecting MAC address. Very strange issue indeed.


Sounds good, I'll send something Merlin's way. The first time I spoofed my desktop computer which worked awhile back when I had the cable modem directly connected to the computer, the second time I used the mac address off my phone. Thanks for the tip about my IP maybe changing back. Something to keep in mind.
 
Sounds good, I'll send something Merlin's way. The first time I spoofed my desktop computer which worked awhile back when I had the cable modem directly connected to the computer, the second time I used the mac address off my phone. Thanks for the tip about my IP maybe changing back. Something to keep in mind.


When I had the issue, I spoofed the MAC from the router that worked to the one that did not and that took care of it.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top