Closed Bug 1457761 Opened 7 years ago Closed 7 years ago

tls13.crypto.mozilla.org fails with SSL_ERROR_PROTOCOL_VERSION_ALERT

Categories

(Core :: Security: PSM, defect)

60 Branch
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: xnoreq, Assigned: franziskus)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Build ID: 20180426170554
Steps to reproduce:
Visit https://tls13.crypto.mozilla.org/. All security.tls settings are default, which includes: security.tls.version.max;4
Actual results:
Error SSL_ERROR_PROTOCOL_VERSION_ALERT. Btw, this already worked at some point, even with my own webserver. Now it always falls back to TLS 1.2.
Expected results:
The page loads without error, the connection is secured by TLS 1.3.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
20180429100420
:mt: has anything changed since bug 1304383?
(In reply to xnoreq from comment #0)
> Btw, this already worked at some point
I see no difference with a 52.0a1 Nightly build.
Has STR: --- → yes
Component: Untriaged → Security: PSM
Flags: needinfo?(martin.thomson)
Product: Firefox → Core
Franziskus, what code and configuration is tls13.crypto.m.o running? Nightly should be at draft-28, so we should probably run that there.
Flags: needinfo?(martin.thomson) → needinfo?(franziskuskiefer)
It's still on -26. I'll update it shortly.
Assignee: nobody → franziskuskiefer
Flags: needinfo?(franziskuskiefer)
updated to -28
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Still fails. https://tls13.crypto.mozilla.org/ -> SSL_ERROR_PROTOCOL_VERSION_ALERT
This is expected to fail with 60. It works in Nightly and will work in the next Firefox beta release (61).
Current nightly 63.0 cannot connect to a site running OpenSSL 1.1.1-pre9 with TLS v1.3 only. See https://www.tls13.net/ Current rev testing is Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
Chromium can't connect either. It's because it is running the final TLS 1.3 version (Firefox is running draft -28 still). We haven't landed the RFC 8446 changes yet. The patches are ready, but there are the usual coordination problems to overcome. It will be in 63, just be patient.
Yep, Rich Salz over at openssl.org confirmed with me and BugID 1485866 is a bit more data.
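Added example, not part of the bug thread and not NSS or Firefox code: a simplified Python model of the supported_versions check behind the mismatch described in the comments above, where a client still offering draft-28 meets a server that accepts only the final RFC 8446 version. The function names are hypothetical and picking by server preference is a simplifying assumption; TLS 1.3 drafts are encoded on the wire as 0x7f00 | draft number and the final version as 0x0304.

```python
import struct

# Constructed model of TLS version negotiation via the supported_versions
# extension. Names are illustrative; this is not code from NSS or Firefox.
TLS12, TLS13_FINAL = 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 43   # extension type
ALERT_PROTOCOL_VERSION = 70   # alert description "protocol_version"


def draft(n):
    """Wire value used by TLS 1.3 draft-n (draft-28 -> 0x7f1c)."""
    return 0x7F00 | n


def client_extension(versions):
    """Encode a ClientHello supported_versions extension."""
    body = b"".join(struct.pack("!H", v) for v in versions)
    data = bytes([len(body)]) + body          # 1-byte list length prefix
    return struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(data)) + data


def parse_client_extension(raw):
    """Decode the extension, rejecting truncated or inconsistent lengths."""
    if len(raw) < 5:
        raise ValueError("truncated extension")
    ext_type, ext_len = struct.unpack("!HH", raw[:4])
    list_len = raw[4]
    if ext_type != EXT_SUPPORTED_VERSIONS or ext_len != len(raw) - 4:
        raise ValueError("not a well-formed supported_versions extension")
    if list_len != ext_len - 1 or list_len == 0 or list_len % 2:
        raise ValueError("bad version list length")
    return [struct.unpack("!H", raw[i:i + 2])[0] for i in range(5, len(raw), 2)]


def negotiate(raw_ext, server_versions):
    """Return ("version", v) for the first server-preferred version the
    client offered, or ("alert", 70) when there is no overlap."""
    offered = parse_client_extension(raw_ext)
    for v in server_versions:
        if v in offered:
            return ("version", v)
    return ("alert", ALERT_PROTOCOL_VERSION)


if __name__ == "__main__":
    hello = client_extension([draft(28), TLS12])   # constructed client offer
    print(negotiate(hello, [TLS13_FINAL]))         # TLS 1.3-only final server
    print(negotiate(hello, [TLS13_FINAL, TLS12]))  # silent fallback to TLS 1.2
    print(negotiate(hello, [draft(28), TLS12]))    # matching draft
```

A server that also accepts TLS 1.2 hides the mismatch as a silent downgrade, while a TLS 1.3-only server surfaces it as the protocol_version alert, so checking the negotiated version rather than just connection success is what reveals a draft/final skew.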