Closed
Bug 1160817
Opened 10 years ago
Closed 10 years ago
"Secure Connection Failed" at https://saml.yammer.com/ in Nightly (unless I flip security.tls.unrestricted_rc4_fallback to "true")
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1160122
| Tracking | Status | |
|---|---|---|
| firefox40 | --- | affected |
People
(Reporter: dholbert, Unassigned)
References
Details
Attachments
(2 files)
screenshot of Firefox Release vs. Nightly
Yammer's having issues right now, and their error page won't load in Nightly, but it loads in Firefox Release.
STR:
1. Load https://saml.yammer.com/
ACTUAL RESULTS:
Firefox error page, "Secure Connection Failed"
EXPECTED RESULTS:
A successful connection (to a yammer error page).
|
Reporter | |
Comment 1•10 years ago
|
||
|
|
Reporter | |
Comment 2•10 years ago
|
||
|
|
Reporter | |
Comment 3•10 years ago
|
||
(I submitted an error report, via the "report this error" link on the Secure Connection Failed page, FWIW. I'm hoping that captures enough information that we can triage this even after this yammer page is back up.)
SSL Labs gives them a "B" right now, FWIW:
https://www.ssllabs.com/ssltest/analyze.html?d=saml.yammer.com
I initially suspected this might be an instance of bug 1138101 (rc4 dependence), but SSL Labs page shows they support some non-RC4 ciphers:
{
Cipher Suites (sorted by strength; the server has no preference)
TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK 128
TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 571 bits (eq. 15360 bits RSA) FS 128
}
|
|
Reporter | |
Comment 4•10 years ago
|
||
(In reply to Daniel Holbert [:dholbert] from comment #3)
> I initially suspected this might be an instance of bug 1138101 (rc4
> dependence), but SSL Labs page shows they support some non-RC4 ciphers:
...though I can confirm that flipping security.tls.unrestricted_rc4_fallback to "true" fixes this. (makes Nightly behave like Firefox Release)
Tentatively marking as blocking bug 1138101, but I'm confused why we're failing to connect with this pref off, given that this yammer server supports non-rc4 ciphers per comment 3.
Blocks: RC4-Dependence
|
|
Reporter | |
Updated•10 years ago
|
Summary: "Secure Connection Failed" at https://saml.yammer.com/ in Nightly (working in Release) → "Secure Connection Failed" at https://saml.yammer.com/ in Nightly (unless I flip security.tls.unrestricted_rc4_fallback to "true")
|
|
Reporter | |
Comment 5•10 years ago
|
||
I'm hoping this makes more sense to :keeler or :emk.
|
||
Comment 6•10 years ago
|
||
(In reply to Daniel Holbert [:dholbert] from comment #4)
> (In reply to Daniel Holbert [:dholbert] from comment #3)
> > I initially suspected this might be an instance of bug 1138101 (rc4
> > dependence), but SSL Labs page shows they support some non-RC4 ciphers:
>
> ...though I can confirm that flipping security.tls.unrestricted_rc4_fallback
> to "true" fixes this. (makes Nightly behave like Firefox Release)
>
> Tentatively marking as blocking bug 1138101, but I'm confused why we're
> failing to connect with this pref off, given that this yammer server
> supports non-rc4 ciphers per comment 3.
See Bug 1160122 comment 4: none of the non-RC4 cipher suites are supported by Firefox.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•