Intermittent connection issues loading/changing site- secure connection failed/site can't be reached

EDIflyer · ‎10-22-2023

Is anyone else occasionally getting a 'connection down' error from Chrome (or 'Secure Connection Failed' from Firefox) when changing page - if I hit refresh it works fine. At first I wondered if it was the site I was using but have noticed it on multiple different major websites over the past couple of months and not noticed it from other locations where I don't use Three Broadband so does seem to be related to the router/connection (this is via wired Ethernet too, so not a WiFi problem). I've tried changing DNS server in case that helps but no difference.

It mainly seems to happen when trying to first load a site or (annoyingly) at checkout when a different site is being loaded as part of the checkout process. It certainly doesn't happen everytime but does happen with reasonable frequency. I've also noticed I often get it when trying to pull/push from/to Github too and have to do so a number of times for it to work (browsing the Github website works fine).

I'm using a NR5103E with Firmware Version V1.00(ACBJ.0)b14 - I tried rebooting it but to no effect.

EDIflyer · ‎05-22-2024

Very interesting - that fits a bit with the experience I had last week of an outage and then the system working afterwards without errors!

Midnight54 · ‎05-22-2024

Sadly no change for me, though no outage this morning either. Last reboot was the tuesday early hours auto scheduled reboot from default settings

toaster · ‎05-21-2024

@JonathanB got in touch with me on Thursday to arrange some live monitoring on Friday but wasn't able to get confirmation from the technical team with their availability. I'm hoping that we can find some time this week to investigate this problem.

For the last few days, I been monitoring my connection with a script that I wrote that connects to the top 100 websites plus a few of the sites that have been mentioned on this thread. These are the failure rates from SSL problems that I've seen:

17 May (am)

'royalmail.com': 6.6%,
'github.com': 0.2%,
'<my AWS https server>': 0.2%,
'ghcr.io': 0.2%,
'linkedin.com': 0.2%,
'gmpg.org': 0.2%,
'wordpress.org': 0.4%,
'en.wikipedia.org': 3%,
'amazon.com': 0.4%,
'vk.com': 11%,
's3.amazonaws.com': 0.2%,
'microsoft.com': 0.2%,
's.w.org': 0.2%,
'de.wikipedia.org': 3%,
'commons.wikimedia.org': 3.2%,
'ted.com': 0.4%

18 May (am)

'royalmail.com': 5.8%,
'github.com': 0.4%,
'en.wikipedia.org': 4.8%,
'vk.com': 15.4%,
'itunes.apple.com': 0.4%,
'paypal.com': 0.4%,
's3.amazonaws.com': 0.6%,
'microsoft.com': 0.6%,
'apps.apple.com': 0.4%,
'cdn.jsdelivr.net': 0.2%,
'podcasts.apple.com': 0.2%,
'de.wikipedia.org': 2.6%,
'forbes.com': 0.2%,
'commons.wikimedia.org': 3.2%,
'ted.com': 0.2%

18 May (pm)

'royalmail.com': 8.2%,
'duckduckgo.com': 0.2%,
'wordpress.org': 0.2%,
'en.wikipedia.org': 3.2%,
'amazon.com': 0.6%,
'vk.com': 10.8%,
'itunes.apple.com': 0.4%,
'microsoft.com': 0.4%,
's.w.org': 0.2%,
'de.wikipedia.org': 4.4%,
'commons.wikimedia.org': 5.2%,
'ted.com': 0.2%

19 May (am)

'royalmail.com': 4.6%,
'github.com': 0.2%,
'duckduckgo.com': 0.2%,
'ghcr.io': 0.2%,
'new.three.co.uk': 0.8%,
'wordpress.org': 0.2%,
'en.wikipedia.org': 2.2%,
'vk.com': 12.6%,
'itunes.apple.com': 1%,
'ec.europa.eu': 0.2%
'paypal.com': 0.2%,
's3.amazonaws.com': 0.2%,
'microsoft.com': 0.6%,
'apps.apple.com': 0.2%,
'support.apple.com': 1.4%,
'de.wikipedia.org': 1.6%,
'mozilla.org': 0.2%,
'imdb.com': 0.6%,
'commons.wikimedia.org': 5.2%

19 May (pm)

'royalmail.com': 1.8%,
'diy.com': 0.2%,
'amazon.com': 0.2%,
'vk.com': 16.4%,
'accounts.google.com': 0.2%,
'microsoft.com': 0.4%,
'patreon.com': 0.2%

20 May (am)

'royalmail.com': 4.8%,
'duckduckgo.com': 0.2%,
'ghcr.io': 0.2%,
'amazon.com': 0.4%,
'vk.com': 12%,
'ec.europa.eu': 0.2%,
'tiktok.com': 0.2%,
's3.amazonaws.com': 0.2%,
'linktr.ee': 0.2%,
'mozilla.org': 0.4%,
'gmail.com': 0.2%

20 May (pm)

'royalmail.com': 2.8%,
'github.com': 0.2%,
'topcashback.co.uk': 0.2%,
'gmpg.org': 0.2%,
'wordpress.org': 0.2%,
'amazon.com': 0.2%,
'creativecommons.org': 0.2%,
'vk.com': 11%,
'paypal.com': 0.2%,
's3.amazonaws.com': 0.6%,
'microsoft.com': 0.4%,
'linktr.ee': 0.2%,
'podcasts.apple.com': 0.2%,
'mozilla.org': 0.2%,
'imdb.com': 0.2%,
'amazon.de': 0.2%

Midnight54 · ‎05-20-2024

Tonight has been ridiculously painful to use. Like others, no issue on work laptop as VPN in use....But my home PC, while no issues with speed when downloads start (circa 600mbps on testing etc) the latency on anything loading is unreal, and a lot of websites are taking multiple attempts to reload, or come up half loaded so cant post and have to refresh!!. Can this be expedited!

robjames_1 · ‎05-20-2024

Three sent a new hub out to me about a week or so ago but it made no difference. Since getting plusnet last Friday I’ve had no issues though.
Hope you all find a better resolution.

l0hn · ‎05-20-2024

I'm getting the exact same problem as everyone else here, it's extremely frustrating. This whiffs a bit of some sort of misconfigured firewall dropping packets / interferring with ssl handshakes.

Is there anyone from Three that can provide a timeline on a fix for this?

bytespider · ‎05-20-2024

There has been no concrete confirmation that anyone is looking into anything. And the only contact, @JonathanB, only responds occasionally to say they will feedback to the "team". It's really disappointing, especially since so many here have done lots to try and provide areas for said teams to investigate.

l0hn · ‎05-20-2024

I've setup a permanent VPN connection on my router as a workaround and no longer get SSL errors.

This is obviously because the VPN circumvents Three's proxy which is interferring with TLS handshakes, assumably sniffing the plain text domain from the handshake for a firewall.

@JonathanB : What gives here? If you guys want to monitor TLS streams at least do it in a way that isn't as noticeable and doesn't cause such an impact to customers.

l0hn · ‎05-20-2024

Well that's just brilliant, I've moved to an area where 5G is the only option until FTTP is rolled out and this initially seemed great as I can achieve ~1gbps.. but it's completely pointless if Three's internal proxy constantly drops packets during TLS handshakes.

I expect a permanent VPN connection on my router will workaround this but this shouldn't be necessary.

@JonathanB: Can you ask someone there if it's possible for specific clients to bypass the proxy? At least keep some of us happy until you can fix this?

Also what's the reason for doing this? Assumably you're using the TLS handshake to sniff the plain text domain for a firewall. The least you could do if you're going to monitor / persist TLS streams is do it well enough that it goes un-noticed.

MP · ‎05-18-2024

Does anyone have an Apple Watch and the Weather app does not always show information (tried all the obvious things to make it work and reinstalling the app), I would assume all traffic is SSL/TLS so I was wondering if it is related to this in some way.