Closed
Bug 113649
Opened 23 years ago
Closed 23 years ago
"Unknown SSL Error (-8037)" when connecting to etb.etrade.com
Categories
(Core :: Networking, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 110842
People
(Reporter: andrew, Assigned: neeti)
References
()
Details
Attachments
(3 files)
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.6) Gecko/20011120 BuildID: 2001112009 On 03-Dec-2001, E*Trade did something to their web servers. Prior to this date, everything worked fine using this build of Mozilla. I use many of E-Trade's sites and sub-sites extensively. Anyway - after that date, connecting to <https://etb.etrade.com/> or <http://www.etradebank.com/> (which redirects to the former site) causes an '"Unknown SSL Error (-8037)" when connecting to etb.etrade.com' error. Connections are fine from MSIE-5.5sp2 and Netscape-4.79. Reproducible: Always Steps to Reproduce: 1. Point Moz-0.9.6 to <https://etb.etrade.com/> 2. Fail to connect 3. That's it! Actual Results: Pop-up dialog box with the statement '"Unknown SSL Error (-8037)" when connecting to etb.etrade.com' Expected Results: Expected a smooth and easy connection! I don't know if this is a Mozilla error or an E*Trade error, but MSIE and Netscape-4.79 like the E*Trade SSL session... I don't know what the heck E*Trade did to their site, but... ... let's just say that I called the tech-support line, and it was a waste of time! :-)
This works for me with build 2001-12-05-04 under W2K Can you try with a newer nightly build from: http://ftp.mozilla.org/pub/mozilla/nightly/latest/ Or try with a new profile ("mozilla.exe -profileManager" from the command line)
Curious - I created a new profile, and had no problem connecting! Old profile (which I've been using for months) doesn't work, new profile does work. I *know* I didn't change security settings or anything overnight. I do PKI and SSL development work for my day job, after all... (grin!) I will start looking for differences between the two profiles, both from the GUI and the config files, and will report anything I find. Thanks!
Bah-ha! It turns out the culprit is the OCSP checking. My profile has "check the OCSP responder if the cert has an AIA extension" option selected. With this setting, the SSL connection fails. If I change the setting to "never check OCSP responders", I can connect just fine. Turns out that the change E-Trade made was to use a new server cert w/AIA extensions. They were causing the lizard to barf. An ssldump trace, along with dumped certificates, is attached for your amusement. Generated w/ NSS-311-RTM.
I had a similar problem. I was using a profile, and I didn't change any SSL settings, and one day stopped working for https sites giving me the SSL error -8182. If I create a new profile, it works fine. Mozilla/5.0 (Windows; U; Windows NT 5.0; ast-AS; rv:0.9.6) Gecko/20011120 under w2k.
Comment 8•23 years ago
|
||
*** This bug has been marked as a duplicate of 110842 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•