Closed Bug 1151575 Opened 5 years ago Closed 5 years ago is TLS 1.2 intolerant


(Web Compatibility :: Desktop, defect)

Not set


(Not tracked)



(Reporter: jbecerra, Unassigned)




A user reported that going to shows an error in the latest release version 37.0.1. The previous version 36.0 still works. In addition there isn't a user friendly work around in Firefox (if there's any), so he used Chrome to get to the site.

1. Go to

Expected: You can access the site and do your banking.

Actual: You get an error:

"Secure Connection Failed

An error occurred during a connection to SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem."

This works on 36.0, and it is a popular bank in Argentina.
Is this related to a bunch of False Start changes that landed in 37?
Flags: needinfo?(dkeeler)
Component: Security → Security: PSM
Summary: banking site no longer working in 37 → banking site no longer working in 37 (ssl_error_bad_mac_read)
Looks like TLS 1.2 intolerance (after setting security.tls.version.fallback-limit to 1 in about:config, it works for me). That site also has some other issues, like supporting client-initiated renegotiation:
Flags: needinfo?(dkeeler)
OK, I can reproduce Keeler's fix.  Here's the handshake I see in Wireshark when it breaks:

C->S: Client Hello
S->C: Server Hello, Certificate, Server Hello Done
C->S: Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
S->C: Change Cipher Spec
S->C: Alert
C->S: Alert

From that, it looks like the server is choking on the client's Finished message (the encrypted handshake message on line 3).  Since Firefox computes the handshake in the same way regardless of preferences, this suggests pretty strongly that this is a server bug. More specifically, a bug in how IBM HTTP Server (judging by the Server header in HTTP) handles Finished messages.

I'm slightly concerned that this indicates a compatibility bug with Apache, but given that we're not seeing broader brokenness, I'm going to assume this is a more localized issue, e.g., for an old version.
Closed: 5 years ago
Resolution: --- → INVALID
Usually we turn these into tech evangelism bugs in the hopes that we can reach out to sites and have them fix their servers.
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Resolution: INVALID → ---
Summary: banking site no longer working in 37 (ssl_error_bad_mac_read) → is TLS 1.2 intolerant
Version: 37 Branch → unspecified
This could also be a regression from bug 940787.
(In reply to David Keeler [:keeler] (use needinfo?) from comment #2)
> That site also has some other issues, like supporting client-initiated renegotiation:

Wow, with results like that, I wouldn't recommend anyone using that insecure site for banking...
Works for me. SSL Labs does not report TLS 1.2 intolerance, either.
Looks like they upgraded the server. Notice that it supports secure renegotiation now.
Another bug involving the same server software is bug 1146017, and it was also quickly patched too. Notice that it also support secure renegotiation now.
The server in question still has massive issues, but for the purposes of this bug, it's fixed.
Closed: 5 years ago5 years ago
Hardware: x86 → All
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.