Closed Bug 54031 Opened 24 years ago Closed 23 years ago

uboc.com - Can't bring up UBOC bank at home login form. Eventually hangs.

Categories

(Tech Evangelism Graveyard :: English US, defect, P1)

Product:
Tech Evangelism Graveyard
Component:
English US
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED WORKSFORME

People

(Reporter: dbragg, Assigned: arun)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: [rtm-] relnote-user [BANK][TLS])

Build #2000092208 To reproduce: 1. Type www.uboc.com in location bar (This is the Union Bank of California site) 2. Click on Use Bank@Home button. (This tries to go to https://banking.uboc.com/UBOC/BankAtHome/loginFrameset.jsp) Result 1: Looks like a time-out. The throbber stops and you can click on something else or pull down a menu or whatever but you don't get the login page. Result 2: Looks like a crash. After getting Result 1 a couple of times and simply trying the Bank@Home button agian, the throbber freezes mid-throb and you can't click on anything. Brining up the Windows task manager reveals that netscap6.exe and psm.exe are both fluxuating in CPU usage and memory. Netscape6.exe is on the order of 50-70% CPU fluxuation with increasing memory usage. Psm.exe fluxuates around 0-28% without increasing memory usage. You don't actually need an account to reproduce this. However, as soon as I can get to the login page I'll try to actually login. (We'll see what happens then.)
URL: http://www.uboc.com
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → INVALID
Marking invalid. This site is running a Domino web server - IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Unix). Since PSM 1.3 has TLS (a new version of SSL) enabled by default, and Domino servers need bug fixes in order to handle TLS properly, that is why the site cannot be reached. With the 9/22 build of PSM 1.3, I do not see a crash, but there is also no warning that the site cannot be reached - bug 33772. The final PSM 1.3 will allow TLS to be turned off in the Security Manager UI, during the time that Domino server users receive patches from IBM to upgrade their servers. You can find out what secure server Union Bank is running by visiting http://www.netcraft.com/sslwhats/ and typing in banking.uboc.com:443.
Not to be nit picky here but this kind of sucks. 4.7 handles this just fine. Whether they need to fix it or not, it's my bank. I cannot use Seamonkey as dogfood for this reason. At the VERY least we need to tell the user to contact the site that is using this bogus version of Domino web server.
I'm putting in my vote to leave TLS off by default, at least for a few more months to give time for webmasters to install patches to their domino servers. It's better than hearing "It works with IE and Netscape 4.7"
Reopening for discussion. Adding keywords nsbeta3 and crash keywords. I witnessed the crash on dbragg's WinNT machine. I would like to see TLS turned off by default.
Status: RESOLVED → REOPENED
Keywords: crash, nsbeta3
Resolution: INVALID → ---
We notified IBM about this before PSM 1.2 came out. We were originally going to enable TLS in 1.2, but decided not to so that Domino server customers could be told about this problem. Just in case you didn't know, the problem is due to a non-compliant SSL implementation in the Domino server. IMHO It's better that web administrators know their sites don't work with the Beta product and fix their sites before the RTM version comes out. That's why we're choosing to enable TLS in Beta 3 instead of waiting utnil RTM.
I understand (and even agree) with your point about having the web administrators and IBM fix their part of this but the REALITY is that this might not get done right away. I don't believe we have the clout (anymore) to force this fix "web-wide". Especially since our own product (4.x) works with it and so does IE. I personally cannot use Seamonkey with my own bank and I'm a Seamonkey developer. I think marketing should be involved in this decision.
If turning on TLS causes PSM to crash, we cannot blame that on old servers.
*** Bug 49179 has been marked as a duplicate of this bug. ***
Adding release note: "Netscape 6 may not be able to connect to some secure (https) IBM web servers."
Keywords: relnote3
Nominating for rtm.
Keywords: rtm
Changing QA contact to nitinp
QA Contact: junruh → nitinp
If this bug is really about turning off TLS by default, there was another bug about that and this should be marked dup. If you care about an underlying problem, then this bug should not be about turning off TLS by default. Please update the bug to your preference. Marking rtm- because we don't appear able to fix this in time for RTM.
Whiteboard: [rtm-]
I'd be glad to mark this as a dup of the "TLS off by default" bug but I can't find such a bug. I searched Bugzilla and Bugscape.
When we relnote this, make sure we emphasise it's the site's problem, not ours :-) Gerv
Whiteboard: [rtm-] → [rtm-] relnote-user
Marking wontfix. This problem has been release noted, and it is also a dupe of bug 56865 "Turn off TLS by default", which is marked as invalid. The workaround for the user is open the Security Manager, Advanced, Options, and turn off TLS in PSM 1.4. The workaround for the server administrators is to apply a patch to make the server TLS tolerant.
Status: REOPENED → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → WONTFIX
To confirm, turning off TLS in the Security Manager allowed me to get to the Union Bank Bank@Home login screen.
Verified.
Status: RESOLVED → VERIFIED
running 2000120621 build on linux, 1.3psm, can't turn off TSL, option to turn it of is not there. Any ideas what happend to the option?
Even with TLS unchecked, I can't log in to my bank's website properly. Regardless of the age of the protocol they are using, it should work. I start at http://www.tdaccess.com/ and click the login button on the top right. When TLS is enabled, I can't get to the next page. Disabling TLS gets me a little further to the screen that lets me enter my UserId and Password but then I get a message that I can't log in that way. I think my bank uses ASP. I'm using build 2001-02-01-08 on linux RedHat 6.2
Even with TLS unchecked, I can't log in to my bank's website properly. Regardless of the age of the protocol they are using, it should work. I start at http://www.tdaccess.com/ and click the login button on the top right. When TLS is enabled, I can't get to the next page. Disabling TLS gets me a little further to the screen that lets me enter my UserId and Password but then I get a message that I can't log in that way. I think my bank uses ASP. I'm using build 2001-02-01-08 on linux RedHat 6.2
Shouldn't this bug be reopened and assigned to Evangelism like all other bugs which are really problems of the specific web site?
OS: Windows NT → All
Hardware: PC → All
*** Bug 69162 has been marked as a duplicate of this bug. ***
Status: VERIFIED → REOPENED
Resolution: WONTFIX → ---
Reopening since nobody objected ...
Assignee: ddrinan → evangelism
Status: REOPENED → NEW
Component: Client Library → Evangelism
Product: PSM → Browser
QA Contact: nitinp → zach
Version: 1.01 → other
... and over to Evangelism.
Assigning to Netscape Technology Evangelim team. For further info, send mail to devsupport@netscape.com.
Seems to now work w/NS 6.0. Please close this bug.
Status: NEW → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → WORKSFORME
I have followed this bug in the past and I am letting you know that the negotiation of Netscape does not work if the server is not using tls. I have apache running on 3 different platforms that has two different types of ssl that work securely under IE, Netscape 4.7, and older versions of both. There has never been a problem until mozilla and Netscape 6 decided to come out. And the little fix by disabling the tls works so that Netscape can use the older versions of ssl that actually work. I am sorry that we have not upgraded to tls to solve your problem. But the browser does not work with older versions of ssl correctly. Why do I have to disable the browser features that actually stops it from reaching a number of sites. And it actually just causes problems for a number of sites that are running valid implementations of ssl. I know of the problem with IBM's webserver but we are using Apache with mod_ssl. And shouldn't be punished that the browser is not backwards compatible. And mod_tls has become available in 1.3.19 but we are not completely up to date because we do not have to deal with the most recent bugs. This problem has been problem in many similar bugs as listed above but nothing seems to be done about it. I feel you are doing more of a disservice to have this feature in force if it cannot work with older implementations. I realize that this is more towards the IBM webserver but the problem we are experiencing is directly to Netscape 6 and apache mod_ssl that is not working. But the same problem is that the default tls is causing multiple problem because it is not able to use the current implementaton of ssl on the server. Here is one example https://www.guero.com We are using a wildcard thawte certificate on Apache 1.3.13 with mod_ssl on BSDi. Then we have openssl with Apache 1.3.13 on FreeBSD and Solaris. Please feel free to write back and let me know if I am way off base but I can show you hundreds of sites affected by this bug in the browser. I can give more specific on the setup and details of the problem. thanks jeremy
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
It is not necessary for a server to implement TLS to work with mozilla. It is only necessary for the server to correctly implement SSL 3.0 per the spec. Most SSL 3.0 servers deployed today do NOT implement TLS, but DO succesfully negotiate an SSL 3.0 session with mozilla. Mozilla is capable of speaking both SSL 3.0 and TLS (SSL 3.1). The SSL 3.0 spec specifies how an SSL 3.0 server should negotiate an SSL 3.0 session with a client that is capable of speaking both SSL 3.0 and also newer versions of SSL. Servers that correctly implement it work with Mozilla. Servers that do not work with mozilla's SSL have not implemented SSL 3.0 correctly.
Blake, I'm taking this one if you don't mind.
Assignee: evangelism → bclary
Status: REOPENED → NEW
Whiteboard: [rtm-] relnote-user → [rtm-] relnote-user [BANK][TLS]
Note that this problem also has occurred for me (using build 2001062815 on Windows 2000) on NetFlix (http://www.netflix.com) when logging in securely. NetCraft shows that they are running: WebLogic 5.1.0 Service Pack 9 04/06/2001 12:48:33 #105983 - 128 bit domestic version. So, I'm betting that this is a lot more frequently occurring than realized. This problem alone prevents me from making Mozilla my primary browser.
ted, I can access the login page using 2001-07-10-03/win2k. A work around for TLS intolerant servers was put in 'a while' back. Get a recent build and try again. --bc
Priority: P3 → P1
Summary: Can't bring up UBOC bank at home login form. Eventually hangs. → uboc.com - Can't bring up UBOC bank at home login form. Eventually hangs.
contacted 07/13/01 via web form at https://www.uboc.com/UBOCSSLForms/Contact+Us+Frameset?OpenForm&Home. Sent standard TLS letter.
Status: NEW → ASSIGNED
All Evangelism Bugs are now in the Product Tech Evangelism. See bug 86997 for details.
Component: Evangelism → US English
Product: Browser → Tech Evangelism
Version: other → unspecified
-> Arun
Assignee: bclary → aruner
Status: ASSIGNED → NEW
Just my 2 cents. Currently I cannot login to www.hotmail.com or www.wingspan.com. I'm running RedHat Linux 7.0 and mozilla 0.93. I do not know if this is related to TLS, a site that's not implementing SSL 3.0 correctly, or what have you. When I try to access the sites by clicking the login button the screen flashes. I think the first time it asked if I wanted to save the password. No matter what I chose, it didn't make a difference. The dialog would go away, the screen would flash, and I'd be at the login screen. Even if these sites are not doing something properly, the fact that I can get to them in any version of IE or in Netscape 4.x, but not Mozilla, means that I cannot use Mozilla as my default browser. I doubt that Mozilla has anywhere near the clout to get these sites to change, and even if you could get the big ones to upgrade there would still be a ton of smaller sites that won't because of Human Resource issues - laziness, not enough headcount, etc. And because it works properly in other browsers that have more market share it won't be seen as a problem with the sites, it will be seen as a buggy version of Mozilla. Certainly if it crashes Mozilla on other platforms, that is a bug! Finally, on the advanced tab, I'm not seeing the option to disable tls. Am I missing something? Austin - awdunham@hotmail.com
And then I had to bring up an old version of Netscape to get my new password to enter my previous, long winded comments...
Hi there, I've got also trouble reaching the following sites: http://webmail.sema-telecoms.com or http://www.web.de (and then clicking "SSL-Login" on the right side, right handed of the the Login-Button) Mozilla tries to connect that site but then nothing happens. Netcraft gives me the following information on the webmail.sema-telecoms.com site: HTTPS Server Microsoft-IIS/5.0 Supported SSL ciphers: * RC4 with MD5 So there's no IBM server running on that site. In fact I didn't managed it to reach any https site I needed until now. I'm using mozilla 0.9.3 Cheers, erik
I unchecked the "Enable TLS" checkbox in the preferences after installing the Personal Security Manager and now it works fine for me...
url wfm on linux cvs from 2 days ago
mass-reassign of all bank bugs to the banks component. You may filter for this change by searching for the string 'ilovetriagebecauseitisfun'
Component: US General → US Banks
QA Contact: zach → bclary
Site WFM and marking as such. Tested in Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.8+) Gecko/20020301
Status: NEW → RESOLVED
Closed: 24 years ago23 years ago
Resolution: --- → WORKSFORME
Verified 2002030908/WinXP
URL: http://www.uboc.comhttp://www.uboc.com/
Status: RESOLVED → VERIFIED
*** Bug 138246 has been marked as a duplicate of this bug. ***
SPAM: New Components
Component: US Banks → English US
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.