From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.6) Gecko/20011120 BuildID: 2001112009 On 03-Dec-2001, E*Trade did something to their web servers. Prior to this date, everything worked fine using this build of Mozilla. I use many of E-Trade's sites and sub-sites extensively. Anyway - after that date, connecting to <https://etb.etrade.com/> or <http://www.etradebank.com/> (which redirects to the former site) causes an '"Unknown SSL Error (-8037)" when connecting to etb.etrade.com' error. Connections are fine from MSIE-5.5sp2 and Netscape-4.79. Reproducible: Always Steps to Reproduce: 1. Point Moz-0.9.6 to <https://etb.etrade.com/> 2. Fail to connect 3. That's it! Actual Results: Pop-up dialog box with the statement '"Unknown SSL Error (-8037)" when connecting to etb.etrade.com' Expected Results: Expected a smooth and easy connection! I don't know if this is a Mozilla error or an E*Trade error, but MSIE and Netscape-4.79 like the E*Trade SSL session... I don't know what the heck E*Trade did to their site, but... ... let's just say that I called the tech-support line, and it was a waste of time! :-)
This works for me with build 2001-12-05-04 under W2K Can you try with a newer nightly build from: http://ftp.mozilla.org/pub/mozilla/nightly/latest/ Or try with a new profile ("mozilla.exe -profileManager" from the command line)
Curious - I created a new profile, and had no problem connecting! Old profile (which I've been using for months) doesn't work, new profile does work. I *know* I didn't change security settings or anything overnight. I do PKI and SSL development work for my day job, after all... (grin!) I will start looking for differences between the two profiles, both from the GUI and the config files, and will report anything I find. Thanks!
Bah-ha! It turns out the culprit is the OCSP checking. My profile has "check the OCSP responder if the cert has an AIA extension" option selected. With this setting, the SSL connection fails. If I change the setting to "never check OCSP responders", I can connect just fine. Turns out that the change E-Trade made was to use a new server cert w/AIA extensions. They were causing the lizard to barf. An ssldump trace, along with dumped certificates, is attached for your amusement. Generated w/ NSS-311-RTM.
I had a similar problem. I was using a profile, and I didn't change any SSL settings, and one day stopped working for https sites giving me the SSL error -8182. If I create a new profile, it works fine. Mozilla/5.0 (Windows; U; Windows NT 5.0; ast-AS; rv:0.9.6) Gecko/20011120 under w2k.
*** This bug has been marked as a duplicate of 110842 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
QA Contact: benc → junruh
You need to log in before you can comment on or make changes to this bug.