1128318 - SSLv3 error on https://shop.nanairo.coop/ because of the broken version negotiation of the server

Status: RESOLVED FIXED

(Web Compatibility :: Site Reports, defect)

Description

[6lobe]

User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150201030209

Steps to reproduce:

Visit site https://shop.nanairo.coop/


Actual results:

You get the following error message:

Unable to Connect Securely

Nightly cannot guarantee the safety of your data on shop.nanairo.coop because it uses SSLv3, a broken security protocol.
Advanced info: ssl_error_unsupported_version


Expected results:

The site should load as it supports TLS 1:

https://www.ssllabs.com/ssltest/analyze.html?d=shop.nanairo.coop

First reported here: http://forums.mozillazine.org/viewtopic.php?p=14003087#p14003087

Comment 1

[Masatoshi Kimura [:emk]]

The site depends on TLS insecure fallback to connect with TLS 1.0. If we offer TLS 1.2, the server will try to use SSLv3, so we shutdown the connection.
I'll add shop.nanairo.coop to the white list that will be introduced in bug 1128227.
But even when the site is added to the whitelist, the fallback will not still work because w removed ssl_error_unsupported_version from the fallback reason. The backout of bug 1102632 will fix this.

Comment 2

[Masatoshi Kimura [:emk]]

But we will eventually remove the workaround. The site should fix the server.

Comment 3

[Masatoshi Kimura [:emk]]

Bug 1102632 has been backed out. Now you can workaround by setting security.tls.version.fallback-limit to 1.

Comment 4

[Masatoshi Kimura [:emk]]

Fixed.