"Unknown SSL Error (-8037)" when connecting to etb.etrade.com

VERIFIED DUPLICATE of bug 110842

Status

()

--
major
VERIFIED DUPLICATE of bug 110842
17 years ago
17 years ago

People

(Reporter: andrew, Assigned: neeti)

Tracking

Trunk
x86
Windows 2000
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(3 attachments)

(Reporter)

Description

17 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.6) Gecko/20011120
BuildID:    2001112009

On 03-Dec-2001, E*Trade did something to their web servers. Prior to this date,
everything worked fine using this build of Mozilla. I use many of E-Trade's
sites and sub-sites extensively.

Anyway - after that date, connecting to <https://etb.etrade.com/> or
<http://www.etradebank.com/> (which redirects to the former site) causes an
'"Unknown SSL Error (-8037)" when connecting to etb.etrade.com' error.

Connections are fine from MSIE-5.5sp2 and Netscape-4.79.


Reproducible: Always
Steps to Reproduce:
1. Point Moz-0.9.6 to <https://etb.etrade.com/>
2. Fail to connect
3. That's it!

Actual Results:  Pop-up dialog box with the statement '"Unknown SSL Error
(-8037)" when connecting to etb.etrade.com'

Expected Results:  Expected a smooth and easy connection!

I don't know if this is a Mozilla error or an E*Trade error, but MSIE and
Netscape-4.79 like the E*Trade SSL session... I don't know what the heck E*Trade
did to their site, but...

... let's just say that I called the tech-support line, and it was a waste of
time! :-)

Comment 1

17 years ago
This works for me with build 2001-12-05-04 under W2K
Can you try with a newer nightly build from:
  http://ftp.mozilla.org/pub/mozilla/nightly/latest/
Or try with a new profile ("mozilla.exe -profileManager" from the command line)
(Reporter)

Comment 2

17 years ago
Curious - I created a new profile, and had no problem connecting! Old profile
(which I've been using for months) doesn't work, new profile does work.

I *know* I didn't change security settings or anything overnight. I do PKI and
SSL development work for my day job, after all... (grin!)

I will start looking for differences between the two profiles, both from the GUI
and the config files, and will report anything I find.

Thanks!
(Reporter)

Comment 3

17 years ago
Created attachment 60640 [details]
ssldump trace of failed connection
(Reporter)

Comment 4

17 years ago
Created attachment 60641 [details]
one of the certs dumped in the bad txn
(Reporter)

Comment 5

17 years ago
Created attachment 60642 [details]
another of the certs dumped in the bad txn
(Reporter)

Comment 6

17 years ago
Bah-ha! It turns out the culprit is the OCSP checking.

My profile has "check the OCSP responder if the cert has an AIA extension"
option selected. With this setting, the SSL connection fails. If I change the
setting to "never check OCSP responders", I can connect just fine.

Turns out that the change E-Trade made was to use a new server cert w/AIA
extensions. They were causing the lizard to barf.

An ssldump trace, along with dumped certificates, is attached for your
amusement. Generated w/ NSS-311-RTM.

Comment 7

17 years ago
I had a similar problem. I was using a profile, and I didn't change any SSL
settings, and one day stopped working for https sites giving me the SSL error
-8182. If I create a new profile, it works fine.

Mozilla/5.0 (Windows; U; Windows NT 5.0; ast-AS; rv:0.9.6) Gecko/20011120 under w2k.

Comment 8

17 years ago

*** This bug has been marked as a duplicate of 110842 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE

Comment 9

17 years ago
Verified dupe.
Status: RESOLVED → VERIFIED
QA Contact: benc → junruh
You need to log in before you can comment on or make changes to this bug.