Closed Bug 113649 Opened 23 years ago Closed 23 years ago

"Unknown SSL Error (-8037)" when connecting to etb.etrade.com

Categories

(Core :: Networking, defect)

x86
Windows 2000
defect
Not set
major

Tracking

()

VERIFIED DUPLICATE of bug 110842

People

(Reporter: andrew, Assigned: neeti)

References

()

Details

Attachments

(3 files)

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.6) Gecko/20011120
BuildID:    2001112009

On 03-Dec-2001, E*Trade did something to their web servers. Prior to this date,
everything worked fine using this build of Mozilla. I use many of E-Trade's
sites and sub-sites extensively.

Anyway - after that date, connecting to <https://etb.etrade.com/> or
<http://www.etradebank.com/> (which redirects to the former site) causes an
'"Unknown SSL Error (-8037)" when connecting to etb.etrade.com' error.

Connections are fine from MSIE-5.5sp2 and Netscape-4.79.


Reproducible: Always
Steps to Reproduce:
1. Point Moz-0.9.6 to <https://etb.etrade.com/>
2. Fail to connect
3. That's it!

Actual Results:  Pop-up dialog box with the statement '"Unknown SSL Error
(-8037)" when connecting to etb.etrade.com'

Expected Results:  Expected a smooth and easy connection!

I don't know if this is a Mozilla error or an E*Trade error, but MSIE and
Netscape-4.79 like the E*Trade SSL session... I don't know what the heck E*Trade
did to their site, but...

... let's just say that I called the tech-support line, and it was a waste of
time! :-)
This works for me with build 2001-12-05-04 under W2K
Can you try with a newer nightly build from:
  http://ftp.mozilla.org/pub/mozilla/nightly/latest/
Or try with a new profile ("mozilla.exe -profileManager" from the command line)
Curious - I created a new profile, and had no problem connecting! Old profile
(which I've been using for months) doesn't work, new profile does work.

I *know* I didn't change security settings or anything overnight. I do PKI and
SSL development work for my day job, after all... (grin!)

I will start looking for differences between the two profiles, both from the GUI
and the config files, and will report anything I find.

Thanks!
Bah-ha! It turns out the culprit is the OCSP checking.

My profile has "check the OCSP responder if the cert has an AIA extension"
option selected. With this setting, the SSL connection fails. If I change the
setting to "never check OCSP responders", I can connect just fine.

Turns out that the change E-Trade made was to use a new server cert w/AIA
extensions. They were causing the lizard to barf.

An ssldump trace, along with dumped certificates, is attached for your
amusement. Generated w/ NSS-311-RTM.
I had a similar problem. I was using a profile, and I didn't change any SSL
settings, and one day stopped working for https sites giving me the SSL error
-8182. If I create a new profile, it works fine.

Mozilla/5.0 (Windows; U; Windows NT 5.0; ast-AS; rv:0.9.6) Gecko/20011120 under w2k.

*** This bug has been marked as a duplicate of 110842 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Verified dupe.
Status: RESOLVED → VERIFIED
QA Contact: benc → junruh
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: