Closed Bug 1485866 Opened 6 years ago Closed 6 years ago

Firefox nightly 63.0 can not connect to TLS v1.3 site www.tls13.net which runs OpenSSL 1.1.1-pre9

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
63 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1483129

People

(Reporter: dclarke, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Build ID: 20180823100106 Steps to reproduce: Attempt to reach site https://www.tls13.net/ Actual results: Secure Connection Failed An error occurred during a connection to www.tls13.net. Peer reports incompatible or unsupported protocol version. Error code: SSL_ERROR_PROTOCOL_VERSION_ALERT Expected results: Normal page should have been displayed which worked fine with OpenSSL 1.1.1-pre7 and also OpenSSL 1.1.1-pre8 with no other changes to Apache server config.
Seems similar to Bug 1457761 however tls13.crypto.mozilla.org may not have the same TLS v1.3 final protocol spec in place.
Follow up from Rich Salz at openssl.org : Date: Fri, 24 Aug 2018 02:12:02 +0000 Subject: Re: [openssl-users] OpenSSL 1.1.1 pre-7 or pre-8 connect to 1.1.1 pre-9 oddity? From: "Salz, Rich via openssl-users" <openssl-users@openssl.org> > I find it interesting that openssl 1.1.1-pre7 can not connect to a > server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly. This is to be expected. Pre-9 implements the official RFC version of TLS 1.3, while the earlier beta releases implement drafts. One of the major differences between the RFC and the drafts, is that (a) they don't interoperate, by design; and (b) fallback is an error. ------ clear enough So at this point Firefox nightly needs adjustment. https://www.tls13.net/ supports TLS 1.3 only. Dennis Clarke dclarke@blastwave.org
Component: Networking → Security: PSM
As noted in bug 1457761 comment 8 this is to expect and will change once the changes got landed. You can follow changes to NSS in Firefox for 63 in bug 1470914.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.