Closed
Bug 1108677
Opened 10 years ago
Closed 9 years ago
blog.blockchain.com generates inappropriate_fallback alert
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: mt, Unassigned)
References
(Depends on 1 open bug, )
Details
https://blog.blockchain.com/ triggers fallback from TLS 1.2 due to a name failure. TLSv1.2 Record Layer: Alert (Level: Warning, Description: Unrecognized Name) Content Type: Alert (21) Version: TLS 1.2 (0x0303) Length: 2 Alert Message Level: Warning (1) Description: Unrecognized Name (112) TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure) Content Type: Alert (21) Version: TLS 1.2 (0x0303) Length: 2 Alert Message Level: Fatal (2) Description: Handshake Failure (40) The subsequent TLS 1.1 handshake fails with a fatal inappropriate_fallback alert. The site is not present on HTTPS, likely because a certificate hasn't been provisioned, but we report a fairly cryptic (and scary) message when the connection fails. This appears to be an error in how we report problems, and it may be something we could improve the reporting on. Starting with bug 1075167 is probably the best thing. Ultimately, we might want to consider integrating warning alerts into the process of determining what error to report, but for cases like this, it's probably not going to have that big a return on investment.
Comment 1•10 years ago
|
||
Work for me. The site fixed the issue?
Reporter | ||
Comment 2•10 years ago
|
||
Still failing for me. Perhaps we are hitting different instances. I have 50.87.196.92, is yours being served from a different IP?
Comment 3•10 years ago
|
||
(In reply to Martin Thomson [:mt] from comment #2) > Still failing for me. Perhaps we are hitting different instances. I have > 50.87.196.92, is yours being served from a different IP? 50.87.196.92, the same IP address.
Comment 4•9 years ago
|
||
Is this still an issue? This WFM for me on Aurora 38 with fallbacks disabled.
Flags: needinfo?(martin.thomson)
Reporter | ||
Comment 5•9 years ago
|
||
Yes, WFM now too. The server now supports the fallback SCSV, so they must have updated.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(martin.thomson)
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•