Closed
Bug 1179041
Opened 9 years ago
Closed 9 years ago
www.vpv.scddesjardins.com is TLS 1.1/1.2 intolerant (fails with ssl_error_bad_mac_read)
Categories
(Web Compatibility :: Site Reports, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: epinal99-bugzilla2, Unassigned)
References
()
Details
Link: https://www.vpv.scddesjardins.com/ACS/presentation.do?lang=fr&cntry=CA&dom=FED Log: https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fwww.vpv.scddesjardins.com%2FACS%2Fpresentation.do%3Flang%3Dfr%26cntry%3DCA%26dom%3DFED
Comment 1•9 years ago
|
||
Looks like the same sort of TLS 1.1/1.2 intolerance as seen in Bug 1130472: both fail with ssl_error_bad_mac_read, both have a server signature of "IBM_HTTP_Server". security.tls.version.max = 3 -> Fail security.tls.version.max = 2 -> Fail security.tls.version.max = 1 -> OK openssl s_client -connect www.vpv.scddesjardins.com:443 > CONNECTED(00000003) > depth=2 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048) > verify error:num=19:self signed certificate in certificate chain > verify return:0 > 140477050304144:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:486: openssl s_client -connect www.vpv.scddesjardins.com:443 -no_tls1_2 > CONNECTED(00000003) > depth=2 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048) > verify error:num=19:self signed certificate in certificate chain > verify return:0 > 139868204430992:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:486: openssl s_client -connect www.vpv.scddesjardins.com:443 -no_tls1_2 -no_tls1_1 > CONNECTED(00000003) > depth=2 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048) > verify error:num=19:self signed certificate in certificate chain > verify return:0
Blocks: TLS-Intolerance
OS: Unspecified → All
Hardware: Unspecified → All
Summary: sends ssl_error_bad_mac_read on https://www.vpv.scddesjardins.com/ACS/presentation.do?lang=fr&cntry=CA&dom=FED → www.vpv.scddesjardins.com is TLS 1.1/1.2 intolerant (fails with ssl_error_bad_mac_read)
Comment 2•9 years ago
|
||
I wonder if it is a incorrect premaster secret version check or something else.
Assignee | ||
Updated•5 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•