Closed Bug 1149521 Opened 9 years ago Closed 8 years ago

Get "ssl_error_rx_malformed_server_hello" since newest nightly Version

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
40 Branch
Platform:
x86_64
Windows 8.1
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: lussnig, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Build ID: 20150330114816

Steps to reproduce:

I try to access "https://suche.org/" this worked yesterday.
And also "https://dev.ssllabs.com/ssltest/analyze.html?d=suche.org" reports no error.


Actual results:

Today i receive the error in the GUI:
"Error code: ssl_error_rx_malformed_server_hello"

SSL-Report that was generated:
{"hostname":"suche.org","port":"","timestamp":1427810106,"errorCode":-12259,"failedCertChain":[],"userAgent":"Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0","version":1,"build":"20150330114816","product":"Firefox","channel":"nightly"}
Found that the cause is NPN Extension in the ServerHello.
It is correctly send. So this is an BUG.
Are you behind a proxy of some sort? when I access that site with 40 it tries to get me to supply a client cert (I hit cancel) and then it loads fine.
Component: Networking → Security: PSM
Hi, i aktivated now the NPN extension. So you can check the error.
Since it worked before and Wireshark, Opera, IE and SslLabs tell it is ok.
I think this is an bug in Firefox and should be fixed.

It is happens with direct internet connection as well with and firewall/proxy.

Please tell me when you checked it so i can go back to work without NPN until the problem is fixed.
Hi,
i will switch NPN default of as long as Firefox nightly is broken.
But with two special url's you can switch if on off.
It works after the next SSL Handshake.
https://suche.org/page/enableNPN
https://suche.org/page/disableNPN
To activate the changed setting restart firefox so that the ssl session is cleared.
All URLs no longer work with the latest Nightly.
Hi, this is the problem if you enableNPN (because of firefox nightly it is disabled).
The next HTTPS Session fail. You can disable it with another browser (firefox stable for example).
All other browsers have no problem with the extension. The enable/disable URL works on source ip.
Is this still an issue?
Flags: needinfo?(lussnig)
Since NPN is considered as deprecated i switched if permanently off.
So for me it is no longer an issue.
Ok - thanks.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Flags: needinfo?(lussnig)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.