blog.blockchain.com generates inappropriate_fallback alert

RESOLVED WORKSFORME

Status

()

RESOLVED WORKSFORME
4 years ago
4 years ago

People

(Reporter: mt, Unassigned)

Tracking

(Depends on: 1 bug)

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

4 years ago
https://blog.blockchain.com/ triggers fallback from TLS 1.2 due to a name failure.

    TLSv1.2 Record Layer: Alert (Level: Warning, Description: Unrecognized Name)
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 2
        Alert Message
            Level: Warning (1)
            Description: Unrecognized Name (112)
    TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

The subsequent TLS 1.1 handshake fails with a fatal inappropriate_fallback alert.

The site is not present on HTTPS, likely because a certificate hasn't been provisioned, but we report a fairly cryptic (and scary) message when the connection fails.

This appears to be an error in how we report problems, and it may be something we could improve the reporting on.  Starting with bug 1075167 is probably the best thing.

Ultimately, we might want to consider integrating warning alerts into the process of determining what error to report, but for cases like this, it's probably not going to have that big a return on investment.
Work for me. The site fixed the issue?
(Reporter)

Comment 2

4 years ago
Still failing for me.  Perhaps we are hitting different instances.  I have 50.87.196.92, is yours being served from a different IP?
(In reply to Martin Thomson [:mt] from comment #2)
> Still failing for me.  Perhaps we are hitting different instances.  I have
> 50.87.196.92, is yours being served from a different IP?

50.87.196.92, the same IP address.

Comment 4

4 years ago
Is this still an issue? This WFM for me on Aurora 38 with fallbacks disabled.
Flags: needinfo?(martin.thomson)
(Reporter)

Comment 5

4 years ago
Yes, WFM now too.  The server now supports the fallback SCSV, so they must have updated.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Flags: needinfo?(martin.thomson)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.