Closed
Bug 733958
Opened 12 years ago
Closed 12 years ago
bugzilla.mozilla.org fails to load when security.ssl.require_safe_negotiation is enabled
Categories
(mozilla.org Graveyard :: Server Operations, task)
mozilla.org Graveyard
Server Operations
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 555952
People
(Reporter: aerowolf, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2 Build ID: 20120215223356 Steps to reproduce: Firefox 10, security.ssl.require_secure_negotiation=true. Attempted to file bug about addons.mozilla.org intermittent insecure negotiation. Actual results: Step 2 (which relies upon Javascript being loaded) failed to do anything when I clicked the "find bugs similar" button. I was forced to disable security.ssl.require_secure_negotiation=true. Expected results: The javascript-vending server should support secure negotiation, so javascript required by Bugzilla will load correctly with require_secure_negotiation=true.
Component: General → Untriaged
Product: bugzilla.mozilla.org → Firefox
QA Contact: general → untriaged
Version: Current → 10 Branch
oh, wait, sorry. note to self: drink coffee, _then_ triage bugs :)
Component: Untriaged → Extensions: GuidedBugEntry
Product: Firefox → bugzilla.mozilla.org
QA Contact: untriaged → guided-bug-entry
Version: 10 Branch → Current
security.ssl.require_secure_negotiation isn't a recognised option. i assume you mean security.ssl.require_safe_negotiation when enabled, even non-javascript requests can result in: > An error occurred during a connection to bugzilla.mozilla.org. > Peer attempted old style (potentially vulnerable) handshake. > (Error code: ssl_error_unsafe_negotiation) the documentation for this setting, at https://wiki.mozilla.org/Security:Renegotiation#security.ssl.require_safe_negotiation says: > Unfortunately, as of time of (initial) writing, this would break > nearly all secure sites on the web. (Update: As of December 2010, > this still applies for a majority of web sites.)
Assignee: nobody → server-ops-devservices
Component: Extensions: GuidedBugEntry → Server Operations: Developer Services
Product: bugzilla.mozilla.org → mozilla.org
QA Contact: guided-bug-entry → shyam
Version: Current → other
Updated•12 years ago
|
Assignee: server-ops-devservices → server-ops
Component: Server Operations: Developer Services → Server Operations: AMO Operations
QA Contact: shyam → oremj
Comment 4•12 years ago
|
||
When were you seeing the failures? Does it work now?
(In reply to Jeremy Orem [:oremj] from comment #4) > When were you seeing the failures? Does it work now? i was able to reproduce this with nightly at the time i made comment 2.
Comment 6•12 years ago
|
||
This bug is for bugzilla.mozilla.org, not addons.mozilla.org right?
Component: Server Operations: AMO Operations → Server Operations
QA Contact: oremj → phong
Comment 7•12 years ago
|
||
Isn't this just because statse.webtrendslive.com doesn't support RFC 5746, which there are already a bazillion bugs about?
Comment 8•12 years ago
|
||
Byron, is that where you are seeing the failure?
no, this isn't rfc-5746 again, this is on bugzilla.mozilla.org. to reiterate the steps to reproduce: 1. set security.ssl.require_safe_negotiation to true 2. load https://bugzilla.mozilla.org/ results: An error occurred during a connection to bugzilla.mozilla.org. Peer attempted old style (potentially vulnerable) handshake. (Error code: ssl_error_unsafe_negotiation)
Summary: Javascript sometimes fails to load when Firefox security.ssl.require_secure_negotiation true → bugzilla.mozilla.org fails to load when security.ssl.require_safe_negotiation is enabled
Comment 10•12 years ago
|
||
This likely is an RFC 5746 issue, just not with webtrends. We have several bugs open about this kind of issue... the TL;DR is: Firefox complains, but everything else we can find to test with says everything is A-OK. This includes "openssl s_client", "gnutls-cli", https://www.ssllabs.com/, the Zeus LB configuration, and the Zeus tech support engineers. I don't know if Chrome, Safari, IE, or Opera have similar built-in ways to check. The master bug on this is Bug 555952. If you have any information that might speak to this issue, I recommend entering it there, or in one of the myriad of dependent bugs. In fact, if I'm not mistaken in my diagnosis here, it might be wise to set this one as dependent on that one as well.
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated•9 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•