Closed
Bug 1171502
Opened 10 years ago
Closed 10 years ago
Firefox fails to connect to Flash game server (regression in Firefox 39/40/41)
Categories
(Web Compatibility :: Site Reports, defect)
Tracking
(firefox38.0.5 unaffected, firefox39+ wontfix, firefox40-, firefox41- wontfix)
RESOLVED
FIXED
People
(Reporter: epinal99-bugzilla2, Unassigned)
References
Details
(Keywords: regression, site-compat)
Attachments
(1 file)
238.81 KB, image/jpeg
Regression reported on the French community board:
https://forums.mozfr.org/viewtopic.php?f=5&t=124676
STR:
1) Open https://www.gametwist.com/?lang=en
2) Log in with username "dupond2" and password "azerty123!"
3) Click on a game in section "Top Games" like "Belote" or "Rummy"
https://www.gametwist.com/Card-Games/Belote/Play.html?email=1
Result:
After the loading, the game fails to connect to server (error "No connection to server!").
The bug is present in FF39+ so it has been backported from FF41 to 39.
Regression range:
good=2015-05-23
bad=2015-05-24
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a69094e0f2a4&tochange=d44425c6730c
status-firefox38.0.5:
--- → unaffected
tracking-firefox39:
--- → ?
tracking-firefox40:
--- → ?
tracking-firefox41:
--- → ?
Keywords: regression
Comment 1•10 years ago
Tracking enabled for 39, 40, and 41, because regression.
Comment 2•10 years ago
Can you provide an aurora regression range? I don't see obvious candidates in that nightly range.
Flags: needinfo?(epinal99-bugzilla2)
repo=mozilla-aurora
http://hg.mozilla.org/releases/mozilla-aurora/pushloghtml?fromchange=872a53f0dbae&tochange=6c5bd5f85e20
I see some NSS patches, and the game website uses SSL.
Flags: needinfo?(epinal99-bugzilla2)
That's probably that, bug 1166031 has been backported into FF39.
Tech Evang bug, with Disable DHE extension, it works.
Blocks: 1166031
Updated•10 years ago
Component: Plug-ins → Networking
Updated•10 years ago
Component: Networking → Security: PSM
Comment 6•10 years ago
This appears to be due to the security decisions made in Bug 1138554. The game server tries to connect to <https://ip185-16-76-33.greentube.com/crossdomain.xml>, which presents a 768-bit DH key. Because that's shorter than the 1024-bit limit established in Bug 1138554, NSS rejects the connection.
According to our data (see https://bugzilla.mozilla.org/show_bug.cgi?id=1138554#c18), this regression will occur for a very small fraction of Firefox TLS connections. Unfortunately, this site relies on one such server.
For comparison: The 1024-bit limit established in Bug 1138554 is the same as what Microsoft will be deploying in Windows 10. (Chrome is enforcing a 768-bit limit right now, so this site would still work.)
I think this is WONTFIX. The site needs to upgrade.
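The check comment 6 describes (reject a DHE handshake whose group prime is shorter than a policy minimum) can be made concrete by parsing the ServerDHParams structure a TLS 1.2 server sends in its ServerKeyExchange and measuring the prime. The following is an added example written for this page; it is not NSS code and not anything from the bug. It assumes the RFC 5246 ServerDHParams layout (three length-prefixed big-endian integers dh_p, dh_g, dh_Ys), the two thresholds quoted in comment 6 (1024 bits for Firefox per bug 1138554, 768 bits for Chrome at the time), and constructed sample parameters whose prime values are only size-correct placeholders.

```python
import struct

# Minimum DH group sizes (in bits) discussed in this bug.
MIN_DH_BITS_FIREFOX = 1024  # limit from bug 1138554 (comment 6)
MIN_DH_BITS_CHROME = 768    # limit Chrome enforced at the time (comment 6)


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Serialise ServerDHParams (RFC 5246 section 7.4.3): three length-prefixed
    big-endian integers dh_p, dh_g, dh_Ys, each opaque<1..2^16-1>."""
    out = b""
    for value in (p, g, ys):
        raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def parse_server_dh_params(data: bytes) -> dict:
    """Parse ServerDHParams from the front of a ServerKeyExchange body.
    Returns the three integers plus the number of bytes consumed (in DHE_RSA
    suites the signature follows). Raises ValueError on malformed input."""
    fields = {}
    offset = 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(data):
            raise ValueError(f"truncated length prefix for {name}")
        (length,) = struct.unpack_from("!H", data, offset)
        offset += 2
        if length == 0 or offset + length > len(data):
            raise ValueError(f"bad length {length} for {name}")
        fields[name] = int.from_bytes(data[offset:offset + length], "big")
        offset += length
    fields["consumed"] = offset
    return fields


def dh_prime_bits(params: dict) -> int:
    """Effective size of the group prime. bit_length() ignores any leading zero
    bytes a server may emit, so a zero-padded 768-bit prime still counts as 768."""
    return params["dh_p"].bit_length()


def check_dh_strength(data: bytes, minimum_bits: int) -> dict:
    """Apply a minimum-prime-size policy to a ServerDHParams blob, the kind of
    client-side decision comment 6 describes."""
    params = parse_server_dh_params(data)
    bits = dh_prime_bits(params)
    return {"bits": bits, "minimum": minimum_bits, "accepted": bits >= minimum_bits}


def is_well_formed(data: bytes) -> bool:
    """True when the blob parses as ServerDHParams, False on truncation or zero lengths."""
    try:
        parse_server_dh_params(data)
        return True
    except ValueError:
        return False


# Constructed sample parameters (hypothetical): the prime values are only
# size-correct placeholders, not real safe primes; the length check does not care.
SAMPLE_768 = encode_server_dh_params((1 << 767) | 1, 2, (1 << 700) | 12345)
SAMPLE_2048 = encode_server_dh_params((1 << 2047) | 1, 2, (1 << 2000) | 12345)

if __name__ == "__main__":
    for label, blob in (("768-bit group", SAMPLE_768), ("2048-bit group", SAMPLE_2048)):
        for browser, minimum in (("Firefox 39+", MIN_DH_BITS_FIREFOX), ("Chrome", MIN_DH_BITS_CHROME)):
            result = check_dh_strength(blob, minimum)
            verdict = "accept" if result["accepted"] else "reject"
            print(f"{label}: {browser} (min {minimum} bits) -> {verdict}")
```

Run stand-alone, the script shows the situation in comment 6: the 768-bit group is rejected under the 1024-bit policy and accepted under the 768-bit one, while the 2048-bit group passes both. The parser stops after the three DH fields, so trailing bytes (the ServerKeyExchange signature) are left untouched for a caller that wants to verify them separately.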
Comment 7•10 years ago
The fact that this broke a commonly used site indicates to me that we should revisit the security decision in bug 1138554, unless other browsers are making the same decision and the site will be broken everywhere. We don't have the market power to break sites like this.
Comment 8•10 years ago
Also see my comments in bug 1166031.
I have emailed the support team of this website; maybe they'll join the bug report to discuss the issue.
Comment 10•10 years ago
(In reply to Benjamin Smedberg [:bsmedberg] from comment #7)
> The fact that this broke a commonly used site indicates to me that we should
> revisit the security decision in bug 1138554, unless other browsers are
> making the same decision and the site will be broken everywhere. We don't
> have the market power to break sites like this.
Microsoft is also increasing to 1024 bits:
https://technet.microsoft.com/en-us/library/security/ms15-055.aspx
Comment 11•10 years ago
(In reply to Eric Rescorla (:ekr) from comment #10)
> (In reply to Benjamin Smedberg [:bsmedberg] from comment #7)
> > The fact that this broke a commonly used site indicates to me that we should
> > revisit the security decision in bug 1138554, unless other browsers are
> > making the same decision and the site will be broken everywhere. We don't
> > have the market power to break sites like this.
>
> Microsoft is also increasing to 1024 bits:
> https://technet.microsoft.com/en-us/library/security/ms15-055.aspx
But they mostly use ECDHE suites, not DHE.
Comment 12•10 years ago
(In reply to Yuhong Bao from comment #11)
> (In reply to Eric Rescorla (:ekr) from comment #10)
> > (In reply to Benjamin Smedberg [:bsmedberg] from comment #7)
> > > The fact that this broke a commonly used site indicates to me that we should
> > > revisit the security decision in bug 1138554, unless other browsers are
> > > making the same decision and the site will be broken everywhere. We don't
> > > have the market power to break sites like this.
> >
> > Microsoft is also increasing to 1024 bits:
> > https://technet.microsoft.com/en-us/library/security/ms15-055.aspx
>
> But they mostly use ECDHE suites, not DHE.
I don't understand this comment. In TLS the server selects the cipher suite
out of the list offered by the client. Firefox offers ECDHE suites to the
server.
Comment 13•10 years ago
(In reply to Eric Rescorla (:ekr) from comment #12)
> (In reply to Yuhong Bao from comment #11)
> > (In reply to Eric Rescorla (:ekr) from comment #10)
> > > (In reply to Benjamin Smedberg [:bsmedberg] from comment #7)
> > > > The fact that this broke a commonly used site indicates to me that we should
> > > > revisit the security decision in bug 1138554, unless other browsers are
> > > > making the same decision and the site will be broken everywhere. We don't
> > > > have the market power to break sites like this.
> > >
> > > Microsoft is also increasing to 1024 bits:
> > > https://technet.microsoft.com/en-us/library/security/ms15-055.aspx
> >
> > But they mostly use ECDHE suites, not DHE.
>
> I don't understand this comment. In TLS the server selects the cipher suite
> out of the list offered by the client. Firefox offers ECDHE suites to the
> server.
And I am talking about what SChannel generally supports.
Comment 14•10 years ago
What ECDHE cipher suites do you believe that SChannel supports that Firefox does not?
Comment 15•10 years ago
I am talking about the lack of DHE cipher suites.
Comment 16•10 years ago
(In reply to Yuhong Bao from comment #15)
> I am talking about the lack of DHE cipher suites.
Can you please elaborate on what you think the difference between IE and Firefox is here?
I.e.:
1. What cipher suites IE offers and which cipher suite the server selects.
2. What cipher suites Firefox offers and which cipher suite the server selects.
Does IE on Windows 10 work with the server that is in this bug?
Comment 17•10 years ago
The only DHE suites SChannel offers (ignoring DSS) are TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Comment 18•10 years ago
(In reply to Yuhong Bao from comment #17)
> The only DHE suites SChannel offers (ignoring DSS) are
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Great. Do you have measurements that show that there are a significant fraction of servers which will break with Firefox but not with IE?
Comment 19•10 years ago
No, but one common piece of software that uses 768-bit DHE is Java 7 and older, which doesn't support GCM cipher suites at all.
Comment 20•10 years ago
At this point, from discussion with rbarnes, it sounds like the decision is to keep the 1028-bit limit.
status-firefox39:
--- → wontfix
Comment 21•10 years ago
Is there a way to force nss to accept a shorter DH key? My school's SMTP server apparently uses a shorter key and I can't force them to do otherwise (though I have certainly asked), so for the moment I have no way to send email other than to downgrade to a previous nss version (which in my case also involves downgrading OS completely...).
Updated•10 years ago
Keywords: site-compat
Comment 23•10 years ago
I'd like to untrack this for FF41 and mark it as won't fix based on comment 6. Please re-nominate for tracking in FF41 if that decision changes.
status-firefox41:
--- → wontfix
Comment 24•10 years ago
Fixed.
Comment 25•10 years ago (Reporter)
Status: NEW → RESOLVED
Closed: 10 years ago
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Resolution: --- → FIXED
Version: 39 Branch → Firefox 39
Updated•6 years ago (Assignee)
Product: Tech Evangelism → Web Compatibility