Closed Bug 1184054 Opened 10 years ago Closed 9 years ago

Secure Connection Failed when trying to export db from phpmyadmin at https://phpmyadmin.ovh.net/

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: flod, Unassigned)

Details

(Whiteboard: [psm-waiting])

Problem was reported by a friend and I've spent a few hours trying to figure out the issue without luck. I connect to https://phpmyadmin.ovh.net/ and access phpmyadmin. I can browse tables, but when I try to export: * If I select "Rapid" I get a "Connection is not trusted error" after pressing the button. * If I select "Customized" and select all tables same error. * If I select "Customized" and select one or two table, I get the file without errors. I checked the certificates but couldn't see anything useful https://www.ssllabs.com/ssltest/analyze.html?d=phpmyadmin.ovh.net/ I don't see anything in the Network monitor about other domains. Needless to say, when contacted the support said that it's a "known problem" with Firefox and suggested to use Chrome, which works just fine.
(In reply to Francesco Lodolo [:flod] from comment #0) > * If I select "Rapid" I get a "Connection is not trusted error" after > pressing the button. > * If I select "Customized" and select all tables same error. > * If I select "Customized" and select one or two table, I get the file > without errors. Clarification: the error appears after pressing the button to start the export. It's also not a timeout issue, since the message appears immediately.
Is this still an issue?
Flags: needinfo?(francesco.lodolo)
(In reply to David Keeler [:keeler] (use needinfo?) from comment #2) > Is this still an issue? Yes. Steps in comment 1 can still be reproduced.
Flags: needinfo?(francesco.lodolo)
FWIW, https://www.ssllabs.com/ssltest/analyze.html?d=phpmyadmin.ovh.net/ claims that the server (213.186.33.28) is TLS 1.0 only, intolerant to at least TLS 1.1 and TLS 1.2 and vulnerable to POODLE TLS. I haven't looked much into this so I'm not saying Firefox isn't at fault, but the server doesn't look bug free either. (In reply to Francesco Lodolo [:flod] from comment #0) > * If I select "Rapid" I get a "Connection is not trusted error" after > pressing the button. Is a specific error code displayed? Text mentioning "interrupted"? (Maybe a screenshot would help.) I would try to reproduce the issue myself, but I don't have the credentials, and I don't how/if I obtain them.
Flags: needinfo?(francesco.lodolo)
No, absolutely no information on the error is displayed, only the generic error. The flag to send errors to Mozilla is checked, not sure if someone has access to those errors.
Flags: needinfo?(francesco.lodolo)
If you add "phpmyaddmin.ovh.net" to the pref "security.tls.insecure_fallback_hosts" in about:config, does it work?
Flags: needinfo?(francesco.lodolo)
(In reply to David Keeler [:keeler] (use needinfo?) from comment #6) > If you add "phpmyaddmin.ovh.net" to the pref > "security.tls.insecure_fallback_hosts" in about:config, does it work? Er, "phpmyadmin.ovh.net", rather.
It doesn't change anything. Also true that, after I change the value in about:config, if I switch tab and go back, or restart the browser, that key reset to blank. Unfortunately I have access data but they're not mine, so can't really share (they're from a friend). If you can ping me on IRC next week starting Tuesday (considering I'm in EU timezone), we can try to do some more tests 'live'.
Flags: needinfo?(francesco.lodolo)
Maybe some packet traces from wireshark would help - both from Chrome connecting successfully and Firefox resulting in the secure connection failed page. Thanks!
Flags: needinfo?(francesco.lodolo)
(In reply to David Keeler [:keeler] (use needinfo?) from comment #9) > Maybe some packet traces from wireshark would help - both from Chrome > connecting successfully and Firefox resulting in the secure connection > failed page. Thanks! Any documentation on how and detail on the kind of the information that I should record?
Flags: needinfo?(francesco.lodolo)
Here's wireshark: https://www.wireshark.org/download.html There's some documentation here: https://www.wireshark.org/docs/ All you really need to do is start a new capture on whatever network interface you're using, connect to the site, stop capturing packets, and save the capture. It can be helpful to limit the packets captured using the filter "tcp port 443".
(In reply to David Keeler [:keeler] (use needinfo?) from comment #11) > Here's wireshark: https://www.wireshark.org/download.html > There's some documentation here: https://www.wireshark.org/docs/ > All you really need to do is start a new capture on whatever network > interface you're using, connect to the site, stop capturing packets, and > save the capture. It can be helpful to limit the packets captured using the > filter "tcp port 443". I went in to test and it looks like they completely changed the UI (and probably some back-end), and I can't get the error anymore. Will check with the original reporter and close the bug is nobody can't reproduce it anymore.
Whiteboard: [psm-waiting]
(In reply to Francesco Lodolo [:flod] from comment #12) > > I went in to test and it looks like they completely changed the UI (and > probably some back-end), and I can't get the error anymore. Will check with > the original reporter and close the bug is nobody can't reproduce it anymore. positive feedback?
Flags: needinfo?(francesco.lodolo)
I'm unable to reproduce, and didn't get any more feedback from the original reporter. Marking as WORKSFORME at this point.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(francesco.lodolo)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.