1115883 - "Connection was interrupted" on Time Warner HTTPS pages (https://www.timewarnercable.com/) because server is TLS 1.2/1.1 intolerant

Status: RESOLVED FIXED

(Web Compatibility :: Site Reports, defect)

Description

[Kyle Simpson]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0
Build ID: 20141227030218

Steps to reproduce:

Go to "timewarnercable.com", click "shop plans" under "internet".

Tries to load this HTTPS page: https://www.timewarnercable.com/residential/order/?iid=smlban_SPELP_1499:2:1:shopplans


Actual results:

"The connection was interrupted

The connection to www.timewarnercable.com was interrupted while the page was loading."

Comment 1

[Kyle Simpson]

BTW, same URL loads fine in Chrome Canary atm.

Comment 2

[Julien Wajsberg [:julienw]]

First basic tests on Linux:

In Iceweasel (v31.3), it works fine.
In Firefox v31 (I happened to have somewhere), works fine too.

In Firefox v34.0.5 (current stable) it works fine too.

Tested in a old aurora build (Firefox v35 from 2014-11-17), it works fine.
Same in latest Aurora (v36).

But in Nightly (v37) I have the same issue than you. Note that I have the same issue when loading https://www.timewarnercable.com itself, so I suspect an issue at the SSL level.

Note that I also tried with e10s disabled, I have the same issue.

SSLLabs says: https://www.ssllabs.com/ssltest/analyze.html?d=timewarnercable.com
Especially: "This site is intolerant to newer protocol versions, which might cause connection failures."

Tentatively moving this to Core::Networking::HTTP, please move to a different component (maybe NSS::Libraries ?) if it's inappropriate.


[Tracking Requested - why for this release]: basic functionality broken on some websites.

Comment 3

[Sylvestre Ledru [:Sylvestre]]

Brian, does it ring a bell?

Comment 4

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

Any time there is a bug reported about HTTPS pages not loading, the first step is to go to https://www.ssllabs.com/ssltest/analyze.html?d=<domain-name>, and look at the lines that say "intolerance". In this case:

  * https://www.ssllabs.com/ssltest/analyze.html?d=timewarnercable.com
  * Long handshake intolerance: no
  * TLS extension intolerance: no
  * TLS version intolerance: TLS 1.1 TLS 1.2 TLS 1.3 TLS 1.98 TLS 2.98 PROBLEMATIC

When you see the "TLS 1.2" in the version intolerance line, then its probably a result of bug 1084025.

Comment 5

[Patrick McManus [:mcmanus]]

I have the same ssllabs intolerance report (and connection problem with) https://wayfarer.timewarnercable.com (the billpay section of timewarner cable)

Comment 6

[Dave Garrett]

Minor mass change for dependencies of bug 1126620.
(filter on {bf0YGqIfJDgVDlKn3zYc})

As of bug 1114816, these sites are now whitelisted to allow for insecure fallback due to TLS version intolerance. Whilst these sites should now work with the patch applied, these bugs themselves are not actually FIXED until the server is. Moving all of these into the TE product for tracking.

Comment 7

[Lawrence Mandel [:lmandel] (use needinfo)]

Given that this is no longer an issue specific to Firefox 37, I'm dropping tracking and marking 37 as fixed.

Comment 8

[Masatoshi Kimura [:emk]]

Looks like Time Warner fixed the sites.