Closed Bug 157955 Opened 22 years ago Closed 22 years ago

[OCSP] [FIREWALL] SSL Error -5933 at given site

Categories

(Core Graveyard :: Security: UI, defect, P3)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
All
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 111384

People

(Reporter: mozilla, Assigned: ssaux)

References

(Blocks 1 open bug,
URL
)

Details

Attachments

(1 file)

Packet dump of problematic connection to PayPal
8.66 KB, application/octet-stream
Details 
When trying to access given URL (credit-card company), mozilla pauses for a few
seconds and then outputs:

"Error establishing an encrypted connection to secure.cal-online.co.il error
code -5933"

Tracking the source code, it seems to be called from
http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSIOLayer.cpp#1293
because this is the only place it's not checked to be an SEC or SSL error (which
it's not).

I can always reproduce this bug, but IIRC the site works fine on Linux.

I'm using Mozilla 2002061104 (1.1 alpha)
Confirmed also under Linux 2002052918 (Mozilla 1.0)
OS: Windows 2000 → All
-> PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: other → unspecified
Works for me. There were problems with the Verisign Class 3 CA in older builds, 
but this works now. Reporter, please try again with today's build.
Severity: major → normal
Status: NEW → RESOLVED
Closed: 22 years ago
Priority: -- → P3
Resolution: --- → WORKSFORME
Version: unspecified → 2.3
Rechecked on today's build on WinNT 2002071708, same result.

Also, the browser does not load any pages, and will not close after visiting the
site. Requires killing the browser from task manager. Potential DoS?
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Update: this fails with paypal.com as well, but sourceforge.net works ok.

This is probably due to some kind of firewall installed here (technion.ac.il).

I have added a tcpdump output (cut down) of the failed connection to PayPal.
Reporter, can you try a new profile, or if you are not using personal 
certificates for client authentication or secure email, delete the *.db files 
in your profile, restart the browser and try the site again?
Deleted *.db in my profile, still happening with www.paypal.com.

Do you have FIPS enabled or OCSP on? 
Edit>Prefs>Privacy>Certificates>Manage Security Devices
Edit>Prefs>Privacy>Validation.
Looking at the packet dump, I can see that besides a connection to
www.paypal.com:443 there is also a connection attempt to ocsp.verisign.com:80

That means you have OCSP turned on. As a workaround, you can disable OCSP
(edit/prefs/privacy/validation).

You say there is a firewall at your place. Do you have to use a proxy to connect
to remote sites? Should a connection from your machine to ocsp.verisign.com:80
go through without using a proxy?

(Note to others looking at the bug: You can read the attachment using "tcpdump
-r filename -n")
Blocks: 157555
Summary: SSL Error -5933 at given site → [OCSP] [FIREWALL] SSL Error -5933 at given site
Yes, my connection requires a firewall for non-israelli sites for port 80, and
yes one was configured (I cut the HTTP access to the firewall from the packet dump).

Also, for reading the dump, I recommend ethereal from http://www.ethereal.com
(open source). I'll check the recommendations in comment 9 as soon as I'm back
to the office (where I have these problems).
Ok, if you need a proxy, then it will not work at the moment. Please see the
duplicate bug.


*** This bug has been marked as a duplicate of 111384 ***
Status: REOPENED → RESOLVED
Closed: 22 years ago22 years ago
Resolution: --- → DUPLICATE
Verified dupe.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.3 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: