"Connection was interrupted" on Time Warner HTTPS pages (https://www.timewarnercable.com/) because server is TLS 1.2/1.1 intolerant

RESOLVED FIXED

Status

Tech Evangelism
Desktop
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: Kyle Simpson, Unassigned)

Tracking

({regression})

Trunk
x86
Mac OS X
regression

Firefox Tracking Flags

(firefox34 unaffected, firefox35 unaffected, firefox36 unaffected, firefox37- fixed)

Details

(URL)

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0
Build ID: 20141227030218

Steps to reproduce:

Go to "timewarnercable.com", click "shop plans" under "internet".

Tries to load this HTTPS page: https://www.timewarnercable.com/residential/order/?iid=smlban_SPELP_1499:2:1:shopplans


Actual results:

"The connection was interrupted

The connection to www.timewarnercable.com was interrupted while the page was loading."
(Reporter)

Updated

3 years ago
(Reporter)

Comment 1

3 years ago
BTW, same URL loads fine in Chrome Canary atm.
First basic tests on Linux:

In Iceweasel (v31.3), it works fine.
In Firefox v31 (I happened to have somewhere), works fine too.

In Firefox v34.0.5 (current stable) it works fine too.

Tested in a old aurora build (Firefox v35 from 2014-11-17), it works fine.
Same in latest Aurora (v36).

But in Nightly (v37) I have the same issue than you. Note that I have the same issue when loading https://www.timewarnercable.com itself, so I suspect an issue at the SSL level.

Note that I also tried with e10s disabled, I have the same issue.

SSLLabs says: https://www.ssllabs.com/ssltest/analyze.html?d=timewarnercable.com
Especially: "This site is intolerant to newer protocol versions, which might cause connection failures."

Tentatively moving this to Core::Networking::HTTP, please move to a different component (maybe NSS::Libraries ?) if it's inappropriate.


[Tracking Requested - why for this release]: basic functionality broken on some websites.
status-firefox34: --- → unaffected
status-firefox35: --- → unaffected
status-firefox36: --- → unaffected
status-firefox37: --- → affected
tracking-firefox37: --- → ?
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Status: UNCONFIRMED → NEW
Ever confirmed: true
Brian, does it ring a bell?
tracking-firefox37: ? → +
Flags: needinfo?(brian)
Keywords: regressionwindow-wanted
Any time there is a bug reported about HTTPS pages not loading, the first step is to go to https://www.ssllabs.com/ssltest/analyze.html?d=<domain-name>, and look at the lines that say "intolerance". In this case:

  * https://www.ssllabs.com/ssltest/analyze.html?d=timewarnercable.com
  * Long handshake intolerance: no
  * TLS extension intolerance: no
  * TLS version intolerance: TLS 1.1 TLS 1.2 TLS 1.3 TLS 1.98 TLS 2.98 PROBLEMATIC

When you see the "TLS 1.2" in the version intolerance line, then its probably a result of bug 1084025.
Blocks: 1084025
Component: Networking: HTTP → Security: PSM
Flags: needinfo?(brian)
Keywords: regressionwindow-wanted → regression
Summary: "Connection was interrupted" Time Warner HTTPS pages fail to load → "Connection was interrupted" on Time Warner HTTPS pages (https://www.timewarnercable.com/) because server is TLS 1.2/1.1 intolerant
Target Milestone: --- → mozilla37
I have the same ssllabs intolerance report (and connection problem with) https://wayfarer.timewarnercable.com (the billpay section of timewarner cable)

Updated

3 years ago
Blocks: 1126620

Comment 6

3 years ago
Minor mass change for dependencies of bug 1126620.
(filter on {bf0YGqIfJDgVDlKn3zYc})

As of bug 1114816, these sites are now whitelisted to allow for insecure fallback due to TLS version intolerance. Whilst these sites should now work with the patch applied, these bugs themselves are not actually FIXED until the server is. Moving all of these into the TE product for tracking.
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Target Milestone: mozilla37 → ---
Version: 37 Branch → Trunk
No longer blocks: 1084025
Given that this is no longer an issue specific to Firefox 37, I'm dropping tracking and marking 37 as fixed.
status-firefox37: affected → fixed
tracking-firefox37: + → -
Looks like Time Warner fixed the sites.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.