problem with SSL_RSA_WITH_3DES_EDE_CBC_SHA post ajax request

RESOLVED DUPLICATE of bug 702111

Status

()

RESOLVED DUPLICATE of bug 702111
2 years ago
2 years ago

People

(Reporter: tal.gershman, Unassigned, NeedInfo)

Tracking

52 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce:

I have a tomcat in a remote server. (not localhost)
I am using https protocol with the cihper : SSL_RSA_WITH_3DES_EDE_CBC_SHA
When i am doing a post ajax request( sending data as text) that contains arrays.
I get an error in server.
I also have java 6 and tomcat 6. 

 


Actual results:

In the server my request parameter map is zero.
If i remove the protocol "https" or it i try it on chrome or IE it works fine.


Expected results:

get all the parameters that are send from the client.

Updated

2 years ago
Component: Untriaged → Networking
Product: Firefox → Core

Comment 1

2 years ago
Could you provide a live testcase?
Flags: needinfo?(tal.gershman)
(Reporter)

Comment 2

2 years ago
What exactly do you need in the live test case?

I can upload you a test environment that you can access from the browser only, is it enough for you?
  
Or do you need any server code or tomcat configuration?

Comment 3

2 years ago
I mean just a live demo (URL) on your server to reproduce the issue (like displaying error message when the test is wrong). Is it possible?
(Reporter)

Comment 4

2 years ago
str
https://aws6.mysp.com/MSP/pages/login.jsp

User: tuser
Password: FireFox1


Reproudce steps:
1. login with the user and password.

2.Click on Create Goal 

3.Input the following:
Title : "the title"
KPI:"the kpi"
End value: "100"

4.Click "create"

Then you will see the error.

Updated

2 years ago
Component: Networking → DOM

Comment 5

2 years ago
I tested a little bit with HTTP/2 disabled or TLS 1.1 instead of 1.2, it doesn't change anything.
(Reporter)

Comment 6

2 years ago
Is it an internal comment ? or this is refereed to me ?  Please clarify.
Nothing happened when I clicked "Create Goal".
(Reporter)

Comment 8

2 years ago
Did you write in the popup: all the required fields and then click create button?
(Reporter)

Comment 9

2 years ago
Well, the "Create goal" button should open a popup where you were supposed to fill up the details as i described above.

If the popup is not opening, could you please specify if there are any client errors ?

Comment 10

2 years ago
(In reply to MySP from comment #6)
> Is it an internal comment ? or this is refereed to me ?  Please clarify.

Just some tests. :) I tested with an old version of the browser, FF33, same issue too when creating the goal ticket.
I could open the popup and reproduce TypeError using the space bar instead of a mouse click.

When I set NSS_SSL_CBC_RANDOM_IV=0, TypeError disapers and I could create a Goal. (but non-working mouse issue remains. probably it is a different problem.)

This app is incompatible with 1/n-1 record splitting.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 702111
(Reporter)

Comment 13

2 years ago
I can not set NSS_SSL_CBC_RANDOM_IV = 0 in every client user i have.

I saw that this bug only have this workaround solution. I need to find another solution for this.

Does this bug will be fixed in the near future?

Maybe with another cipher that suits preference?
This is not a Firefox bug, but a server one. Therefore we will not fix the "bug". The server should either:
1. handle 1/n-1 split records correctly, or
2. (more preferably) use a more modern cipher.
(Reporter)

Comment 15

2 years ago
What ciphers can I use that do support 1/n-1 split record and also compatible with java 6 / tomcat 6.
1/n-1 split record support is nothing specific to ciphers. Your server software is making wrong assumption about reading requests from clients.
(Reporter)

Comment 17

2 years ago
This works on IE and Chrome, only Firefox it does not work.

How come this problem doesn't happen in those browser?

I have a server in AWS,tomcat 6 and Java 6.
You need to log in before you can comment on or make changes to this bug.