Closed
Bug 1488240
Opened 6 years ago
Closed 6 years ago
"ssl_error_rx_malformed_server_hello" on some major websites (including twitter)
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(geckoview62 unaffected, firefox-esr60 unaffected, firefox62 wontfix, firefox63 wontfix, firefox64- wontfix)
RESOLVED
INVALID
Tracking | Status | |
---|---|---|
geckoview62 | --- | unaffected |
firefox-esr60 | --- | unaffected |
firefox62 | --- | wontfix |
firefox63 | --- | wontfix |
firefox64 | - | wontfix |
People
(Reporter: hsinyuanp, Unassigned, NeedInfo)
References
Details
(Keywords: regression, site-compat)
Attachments
(4 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0 Build ID: 20180830123124 Steps to reproduce: ( Try to access https://www.ifanr.com/ and found some resource in https://images.ifanr.cn/ isn't 'available' ) Try to access "https://images.ifanr.cn/" and it doesn't work. But "https://dev.ssllabs.com/ssltest/analyze.html?d=images.ifanr.cn&latest" and other browsers reports no error. Actual results: Suddenly I receive the error infomation in GUI: SSL_ERROR_RX_MALFORMED_SERVER_HELLO
Reporter | ||
Updated•6 years ago
|
OS: Unspecified → Windows 10
Hardware: Unspecified → x86_64
Comment 1•6 years ago
|
||
Should be the same as bug 1487150 but I'm unsure if this page is hosted by akamai.
Assignee: nobody → nobody
Blocks: 1470914
Status: UNCONFIRMED → NEW
Component: Untriaged → Libraries
Ever confirmed: true
Product: Firefox → NSS
Version: 63 Branch → other
(In reply to Matthias Versen [:Matti] from comment #1) > Should be the same as bug 1487150 but I'm unsure if this page is hosted by > akamai. No it is not akamai, but aicdn.com: > ;; QUESTION SECTION: > ;images.ifanr.cn. IN A > > ;; ANSWER SECTION: > images.ifanr.cn. 21599 IN CNAME ifanr-cdn.b0.aicdn.com.
Comment 3•6 years ago
|
||
I think this may be related to your cdn provider: upyun.com. Because I found another domain with the same problem: https://www.kancloud.cn/ And also, the cdn provider is upyun.com. This may be the case.
I was able to reproduce the issue with site with TLS 1.3 draft 18 enabled.
Comment 5•6 years ago
|
||
* imworld.rediff.com * newsimg.rediff.com * 1.www.s81c.com * www.ibm.com
Updated•6 years ago
|
See Also: → https://webcompat.com/issues/18892
Updated•6 years ago
|
Comment 6•6 years ago
|
||
Most sites here work for me. With the different TLS 1.3 draft versions out there and Firefox only supporting one (from version 63 that's the RFC version), some breakage is to expect.
Comment 7•6 years ago
|
||
This is not correct. There should not be any breakage. If there is, there's a bug somewhere. Current evidence is that this is a server-side problem.
Updated•6 years ago
|
QA Contact: franziskuskiefer
See Also: → https://webcompat.com/issues/19266
Comment 8•6 years ago
|
||
Starting today on Nightly I'm seeing this same problem on Twitter and on https://www.gog.com, where they're unable to load some of their static assets. mozregression brought me here, or rather to bug 1470914. I go to both of these sites every day, so I know the problem started today. I did find that turning security.tls.version.max down to 3 makes the problem go away. Unfortunately I don't have any error code, there isn't one on the error page I get when I try to load one of the failing resources directly in a tab. Since bug 1470914 obviously did not land in today's Nightly, that also indicates a server-side change as the source of the problem.
Comment 9•6 years ago
|
||
Since last night I've had issues loading assets from many different CDNs in Nightly on two different machines that I don't have with Release or Chrome on the same two machines. assets from ap.rdcpix.com were blocked, per the network devtools, when visiting realtor.com and several, if not all, assets from pbs.twimg.com were blocked when visiting twitter
Comment 10•6 years ago
|
||
Can you please provide a specific URL that wasn't working?
Comment 11•6 years ago
|
||
https://ap.rdcpix.com/1192990534/bda0533826680135f4339d9f2e7bfd6cl-m0sd-w480_h480_q60.jpg https://www.tumblr.com/
Comment 12•6 years ago
|
||
I am not able to reproduce this on either Nightly or Beta. What platform are you on? Specifically, do you have some kind of AV?
Comment 13•6 years ago
|
||
Windows 10 for me, and no AV beyond the built-in Defender stuff.
Comment 14•6 years ago
|
||
Hmm... I am unable to reproduce this on a Mac. Can you please provide a PCAP file?
Comment 15•6 years ago
|
||
Here's an attempt to load twitter.com from a fresh profile (probably with a bunch of noise in it because I'm not quite sure what's relevant and what isn't).
Comment 16•6 years ago
|
||
I also have this problem with twitter.com, tumblr.com, and komonews.com. Seems to have started today. firefox-62.0-3.fc28.x86_64 (Fedora 28 64-bit)
Comment 17•6 years ago
|
||
Comment 18•6 years ago
|
||
major site breakage starting today in nightly (don't see it in a new profile in 63.0b).
status-firefox64:
--- → affected
tracking-firefox64:
--- → ?
Updated•6 years ago
|
Keywords: site-compat
Comment 23•6 years ago
|
||
Confirmed the regression range. Ctrl+F5, repeat. mozregression --good 2018-08-10 --bad 2018-10-12 --pref network.http.request.max-attempts:1 -a https://abs.twimg.com/a/1539134078/css/t1/twitter_core.bundle.css > 7:04.90 INFO: Last good revision: b5ebdb085efaf31a4f00159334c2d23679e5fa27 > 7:04.90 INFO: First bad revision: 4a4b97e9087ca8ebed570bbc8591e4515eebee93 > 7:04.90 INFO: Pushlog: > https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=b5ebdb085efaf31a4f00159334c2d23679e5fa27&tochange=4a4b97e9087ca8ebed570bbc8591e4515eebee93 > 4a4b97e9087c Kai Engert — Bug 1470914, NSS_3_39_BETA2, r=me
status-firefox62:
--- → unaffected
status-firefox63:
--- → affected
status-firefox-esr60:
--- → unaffected
status-geckoview62:
--- → unaffected
Keywords: regression
OS: Windows 10 → All
Hardware: x86_64 → All
Comment 24•6 years ago
|
||
Another site: https://www.geforce.com fails to load. This apparently uses EdgeCast CDN. One thing I noticed with all these domains is that they still have the green lock icon even though the body of the window says the secure connection failed. It seems that if the browser can't securely connect to a site it should maybe not have a green lock on it?
Comment 25•6 years ago
|
||
This is now in the Web Compatibility bug list - https://github.com/webcompat/web-bugs/issues/19694 and https://webcompat.com/issues/19700
Comment 26•6 years ago
|
||
[Tracking Requested - why for this release]: Twitter connection error. (comment 23) Beta 63.0b14, 20181011200118 @ Debian Testing, KDE, Xorg Easily reproducible with network.http.request.max-attempts;1.
tracking-firefox63:
--- → ?
Comment 27•6 years ago
|
||
This capture is a single failed connection for https://abs.twimg.com/favicons/favicon.ico. Hopefully this is easier to read than the other one with the full twitter.com page load.
Comment 28•6 years ago
|
||
(In reply to Jan Andre Ikenmeyer [:darkspirit] from comment #26) > [Tracking Requested - why for this release]: Twitter connection error. > (comment 23) > > Beta 63.0b14, 20181011200118 @ Debian Testing, KDE, Xorg > Easily reproducible with network.http.request.max-attempts;1. Hmm... I just tried exactly this on Ubuntu and it worked fine. :mhowell @c27: that pcap is kind of messed up, but it doesn't look like there is a bogus ServerHello.
Comment 29•6 years ago
|
||
Hmm.... Can someone who is experiencing this confirm that they are seeing ssl_error_rx_malformed_server_hello as opposed to some other error? Because otherwise this may be a different defect and we should open a new bug.
Comment 30•6 years ago
|
||
:darkspirit, :mhowell, are you able to try with NSS directly? Might be able to get some traction there. If you can, try this: ## The following is all prep # Build NSS hg clone https://hg.mozilla.org/projects/nss hg clone https://hg.mozilla.org/projects/nspr cd nss make nss_build_all export PLATFORM=`cat $NSS_ROOT/dist/latest` export DYLD_LIBRARY_PATH=$NSS_ROOT/dist/$PLATFORM/lib export LD_LIBRARY_PATH=$NSS_ROOT/dist/$PLATFORM/lib # Run NSS tests (this creates the cert db. Sorry about that). cd tests/ssl_gtests ./ssl_gtests.sh # Now run the test ../dist/$PLATFORM/bin/tstclnt -d ../tests_results/security/$HOST/ssl_gtests/ -V tls1.2:tls1.3 -o -h <hostname> -p port
Comment 31•6 years ago
|
||
(In reply to Matt Howell [:mhowell] from comment #8) > Starting today on Nightly I'm seeing this same problem on Twitter and on > https://www.gog.com, where they're unable to load some of their static > assets. mozregression brought me here, or rather to bug 1470914. I go to > both of these sites every day, so I know the problem started today. > > I did find that turning security.tls.version.max down to 3 makes the problem > go away. Unfortunately I don't have any error code, there isn't one on the > error page I get when I try to load one of the failing resources directly in > a tab. > > Since bug 1470914 obviously did not land in today's Nightly, that also > indicates a server-side change as the source of the problem. This setting fixed it for me - Nightly installed locally from Mozilla download, 64 bit, Arch Linux
Comment hidden (typo) |
Comment 33•6 years ago
|
||
(In reply to Eric Rescorla (:ekr) from comment #29) > Hmm.... Can someone who is experiencing this confirm that they are seeing ssl_error_rx_malformed_server_hello as opposed to some other error? Because otherwise this may be a different defect and we should open a new bug. In comment 23 I see the error from comment 17. security.tls.version.max;3 seems to fix this, but also network.http.spdy.enabled.http2;false. > $ ../dist/$PLATFORM/bin/tstclnt -d ../tests_results/security/nss.1/ssl_gtests/ -V tls1.2:tls1.3 -o -h abs.twimg.com -p 443 > Bad server certificate: -8179, Peer's Certificate issuer is not recognized. > subject DN: CN=*.twimg.com,OU=Twitter Security,O="Twitter, Inc.",L=San Francisco,ST=California,C=US > issuer DN: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US > 0 cache hits; 0 cache misses, 0 cache not reusable > 0 stateless resumes > Received 0 Cert Status items (OCSP stapled data)
Comment 34•6 years ago
|
||
:darkspirit, can you confirm for me that if you leave security.tls.version.max;4 and set network.http.spdy.enabled.http2;false then it works? Because if so that's a real clue!
Flags: needinfo?(jan)
Comment 35•6 years ago
|
||
I can verify that setting just network.http.spdy.enabled.http2;false and leaving security.tls.version.max at 4 does work for me.
Comment 37•6 years ago
|
||
:mhowell, :darkspirit, that's interesting! I've hackily modified the NSS test programs to do ALPN. Branch at: https://github.com/ekr/nss/commits/alpn_in_tctclnt No promises this code isn't messed up, but it worked for me... Can you try the same test but with the additional command line flag to tstclnt: -B h2:http/1.1 If it works, you should get something like: ALPN negotiated: h2 As part of the output.
Comment 38•6 years ago
|
||
But even better news if it doesn't work!
Flags: needinfo?(mhowell)
Flags: needinfo?(jan)
Comment 39•6 years ago
|
||
I believe the problem here is on the Twitter side. We're negotiating TLS 1.3, but for some reason it thinks that the cipher we're negotiating isn't permissible (e.g., it's one of the banned ciphers from HTTP/2) and sending us INADEQUATE_SECURITY. Here are the relevant pieces of the Firefox network traces [Parent 28876: Socket Thread]: I/nsHttp Http2Session::ConfirmTLSProfile 0x13517f000 mConnection=0x13eecb260 [Parent 28876: Socket Thread]: I/nsHttp Http2Session::ConfirmTLSProfile 0x13517f000 sslsocketcontrol=0x1427c40f8 [Parent 28876: Socket Thread]: I/nsHttp Http2Session::ConfirmTLSProfile 0x13517f000 version=304 [Parent 28876: Socket Thread]: I/nsHttp Http2Session::ConfirmTLSProfile 0x13517f000 MAC Algortihm (aead==6) 6 This here means we negotiated TLS 1.3 All the TLS 1.3 algorithms are acceptable for HTTP2. In a separate packet trace from NSS we see that we are negotiating TLS_AES_256_GCM_SHA384 [Parent 28876: Socket Thread]: I/nsHttp Http2Session::RecvGoAway 0x13517f000 GOAWAY Last-Good-ID 0x0 status 0xC live streams=0 And this is us receiving a GoAway with an INADEQUATE_SECURITY(0xc) error and tearing down the connection.
Flags: needinfo?(mhowell)
Flags: needinfo?(jan)
Comment hidden (me-too) |
Comment 41•6 years ago
|
||
Trying to understand the scope of this so we can better escalate. Is this a sporadic problem or is it for a certain set of users? We haven't heard too many reports so I'm wondering what triggered it. Is it only present in Firefox Beta?
Comment 42•6 years ago
|
||
(In reply to charlie.croom from comment #41) > Trying to understand the scope of this so we can better escalate. Is this a > sporadic problem or is it for a certain set of users? We haven't heard too > many reports so I'm wondering what triggered it. Is it only present in > Firefox Beta? Hi Charlie, thanks for jumping on this. It seems to be confined to a certain set of users for whom it happens reliably. Our hypothesis is that they are getting differently configured CDN nodes (with TLS 1.3 on). So perhaps you have some sort of partial rollout going on? When I connect myself I get no problems but also TLS 1.2. Based on c9, I believe the problem is confined to Beta and Nightly. With that said, Firefox 64 (Beta) goes to Release 10/22, so this is going to be a problem in Release shortly.
Comment 43•6 years ago
|
||
Thanks for the context. Given that, I won't wake anyone up over this. But I'll make sure it gets in front of the right people on Monday so that we can convey the issue to edge cast.
Comment 44•6 years ago
|
||
Anyone visiting Twitter or TweetDeck from Firefox will see this, I think - I had it show up on both Nightly 64 and Firefox 62. It also showed up on https://webcompat.com/ - I filed a bug there but it wasn't the first. That's why you're seeing all the interest and duplicate bugs on this suddenly.
Comment 45•6 years ago
|
||
There is also a thread about this going on the firefox subreddit at https://www.reddit.com/r/firefox/comments/9nmnio/twitter_css_does_not_seem_to_load_properly_in/ but I don't know how may of those posts are duplicated in the above duplicated bugs or in webcompat.com.
Comment 47•6 years ago
|
||
(In reply to charlie.croom from comment #43) > Thanks for the context. Given that, I won't wake anyone up over this. But > I'll make sure it gets in front of the right people on Monday so that we can > convey the issue to edge cast. All images are broken on Twitter for me, since this morning. Basically unable to make use of Twitter, to rephrase it.
Comment 48•6 years ago
|
||
It brokoke armorgames.com site loading static resources from cache.armorgames.com ect. BUT why does the result differ based on ISP I try? While it's broken on my fast ethernet connection, when tethering mobile Internet site loads properly...? Different CDN server? Timeouts?
Comment 50•6 years ago
|
||
Charlie: based on c8 above, it sounds like there may be a problem with Release. znmeb can you re-confirm it happens in 62? c48: it seems like the problem here is that CDN nodes are broken and others are not.
Flags: needinfo?(znmeb)
Flags: needinfo?(charlie.croom)
Updated•6 years ago
|
Severity: normal → blocker
Summary: Get "ssl_error_rx_malformed_server_hello" since 63.0b2 in some site → "ssl_error_rx_malformed_server_hello" on some major websites (including twitter)
Comment 51•6 years ago
|
||
I can't repro on Twitter anymore/at the moment, but still on https://wac.edgecastcdn.net/ with Nightly 64, Beta 63.0b14 and OpenSSL 1.1.1, but (so far) not with Release 62.0.3.
Comment 52•6 years ago
|
||
Here you go - it's still there. I did a "Refresh Firefox" before the screenshot. Application Basics ------------------ Name: Firefox Version: 62.0.3 Build ID: 20181003120558 User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 OS: Linux 4.18.12-arch1-1-ARCH Multiprocess Windows: 2/2 (Enabled by default) Web Content Processes: 4/4 Enterprise Policies: Inactive Google Key: Found Mozilla Location Service Key: Found Safe Mode: false Crash Reports for the Last 3 Days --------------------------------- All Crash Reports Firefox Features -------------------------------------- Name: Activity Stream Version: 2018.08.22.1219-93becf29 ID: activity-stream@mozilla.org Name: Application Update Service Helper Version: 2.0 ID: aushelper@mozilla.org Name: Firefox Screenshots Version: 33.0.0 ID: screenshots@mozilla.org Name: Form Autofill Version: 1.0 ID: formautofill@mozilla.org Name: Photon onboarding Version: 1.0 ID: onboarding@mozilla.org Name: Pocket Version: 1.0.5 ID: firefox@getpocket.com Name: Web Compat Version: 2.0 ID: webcompat@mozilla.org Name: WebCompat Reporter Version: 1.0.0 ID: webcompat-reporter@mozilla.org Extensions ---------- Security Software ----------------- Type: Type: Type: Graphics -------- Features Compositing: Basic Asynchronous Pan/Zoom: wheel input enabled; scrollbar drag enabled; keyboard enabled; autoscroll enabled WebGL 1 Driver WSI Info: GLX 1.4 GLX_VENDOR(client): Mesa Project and SGI GLX_VENDOR(server): SGI Extensions: GLX_ARB_create_context GLX_ARB_create_context_profile GLX_ARB_create_context_robustness GLX_ARB_fbconfig_float GLX_ARB_framebuffer_sRGB GLX_ARB_get_proc_address GLX_ARB_multisample GLX_EXT_buffer_age GLX_EXT_create_context_es2_profile GLX_EXT_create_context_es_profile GLX_EXT_fbconfig_packed_float GLX_EXT_framebuffer_sRGB GLX_EXT_import_context GLX_EXT_texture_from_pixmap GLX_EXT_visual_info GLX_EXT_visual_rating GLX_INTEL_swap_event GLX_MESA_copy_sub_buffer GLX_MESA_query_renderer GLX_MESA_swap_control GLX_OML_swap_method GLX_OML_sync_control GLX_SGIS_multisample GLX_SGIX_fbconfig GLX_SGIX_pbuffer GLX_SGIX_visual_select_group GLX_SGI_make_current_read GLX_SGI_swap_control GLX_SGI_video_sync WebGL 1 Driver Renderer: X.Org -- AMD Radeon HD 7700 Series (BONAIRE, DRM 3.26.0, 4.18.12-arch1-1-ARCH, LLVM 7.0.0) WebGL 1 Driver Version: 4.4 (Compatibility Profile) Mesa 18.2.2 WebGL 1 Driver Extensions: GL_AMD_conservative_depth GL_AMD_draw_buffers_blend GL_AMD_performance_monitor GL_AMD_pinned_memory GL_AMD_seamless_cubemap_per_texture GL_AMD_shader_stencil_export GL_AMD_shader_trinary_minmax GL_AMD_vertex_shader_layer GL_AMD_vertex_shader_viewport_index GL_ANGLE_texture_compression_dxt3 GL_ANGLE_texture_compression_dxt5 GL_APPLE_packed_pixels GL_ARB_ES2_compatibility GL_ARB_ES3_1_compatibility GL_ARB_ES3_compatibility GL_ARB_arrays_of_arrays GL_ARB_base_instance GL_ARB_bindless_texture GL_ARB_blend_func_extended GL_ARB_buffer_storage GL_ARB_clear_buffer_object GL_ARB_clear_texture GL_ARB_clip_control GL_ARB_color_buffer_float GL_ARB_compatibility GL_ARB_compressed_texture_pixel_storage GL_ARB_compute_shader GL_ARB_compute_variable_group_size GL_ARB_conditional_render_inverted GL_ARB_conservative_depth GL_ARB_copy_buffer GL_ARB_copy_image GL_ARB_cull_distance GL_ARB_debug_output GL_ARB_depth_buffer_float GL_ARB_depth_clamp GL_ARB_depth_texture GL_ARB_derivative_control GL_ARB_draw_buffers GL_ARB_draw_buffers_blend GL_ARB_draw_elements_base_vertex GL_ARB_draw_indirect GL_ARB_draw_instanced GL_ARB_enhanced_layouts GL_ARB_explicit_attrib_location GL_ARB_explicit_uniform_location GL_ARB_fragment_coord_conventions GL_ARB_fragment_layer_viewport GL_ARB_fragment_program GL_ARB_fragment_program_shadow GL_ARB_fragment_shader GL_ARB_framebuffer_no_attachments GL_ARB_framebuffer_object GL_ARB_framebuffer_sRGB GL_ARB_get_program_binary GL_ARB_get_texture_sub_image GL_ARB_gpu_shader5 GL_ARB_gpu_shader_fp64 GL_ARB_half_float_pixel GL_ARB_half_float_vertex GL_ARB_indirect_parameters GL_ARB_instanced_arrays GL_ARB_internalformat_query GL_ARB_internalformat_query2 GL_ARB_invalidate_subdata GL_ARB_map_buffer_alignment GL_ARB_map_buffer_range GL_ARB_multi_bind GL_ARB_multi_draw_indirect GL_ARB_multisample GL_ARB_multitexture GL_ARB_occlusion_query GL_ARB_occlusion_query2 GL_ARB_pipeline_statistics_query GL_ARB_pixel_buffer_object GL_ARB_point_parameters GL_ARB_point_sprite GL_ARB_polygon_offset_clamp GL_ARB_program_interface_query GL_ARB_provoking_vertex GL_ARB_query_buffer_object GL_ARB_robust_buffer_access_behavior GL_ARB_robustness GL_ARB_sample_shading GL_ARB_sampler_objects GL_ARB_seamless_cube_map GL_ARB_seamless_cubemap_per_texture GL_ARB_separate_shader_objects GL_ARB_shader_atomic_counter_ops GL_ARB_shader_atomic_counters GL_ARB_shader_ballot GL_ARB_shader_bit_encoding GL_ARB_shader_clock GL_ARB_shader_draw_parameters GL_ARB_shader_group_vote GL_ARB_shader_image_load_store GL_ARB_shader_image_size GL_ARB_shader_objects GL_ARB_shader_precision GL_ARB_shader_stencil_export GL_ARB_shader_storage_buffer_object GL_ARB_shader_subroutine GL_ARB_shader_texture_image_samples GL_ARB_shader_texture_lod GL_ARB_shader_viewport_layer_array GL_ARB_shading_language_100 GL_ARB_shading_language_420pack GL_ARB_shading_language_packing GL_ARB_shadow GL_ARB_sparse_buffer GL_ARB_stencil_texturing GL_ARB_sync GL_ARB_tessellation_shader GL_ARB_texture_barrier GL_ARB_texture_border_clamp GL_ARB_texture_buffer_object GL_ARB_texture_buffer_object_rgb32 GL_ARB_texture_buffer_range GL_ARB_texture_compression GL_ARB_texture_compression_bptc GL_ARB_texture_compression_rgtc GL_ARB_texture_cube_map GL_ARB_texture_cube_map_array GL_ARB_texture_env_add GL_ARB_texture_env_combine GL_ARB_texture_env_crossbar GL_ARB_texture_env_dot3 GL_ARB_texture_filter_anisotropic GL_ARB_texture_float GL_ARB_texture_gather GL_ARB_texture_mirror_clamp_to_edge GL_ARB_texture_mirrored_repeat GL_ARB_texture_multisample GL_ARB_texture_non_power_of_two GL_ARB_texture_query_levels GL_ARB_texture_query_lod GL_ARB_texture_rectangle GL_ARB_texture_rg GL_ARB_texture_rgb10_a2ui GL_ARB_texture_stencil8 GL_ARB_texture_storage GL_ARB_texture_storage_multisample GL_ARB_texture_swizzle GL_ARB_texture_view GL_ARB_timer_query GL_ARB_transform_feedback2 GL_ARB_transform_feedback3 GL_ARB_transform_feedback_instanced GL_ARB_transform_feedback_overflow_query GL_ARB_transpose_matrix GL_ARB_uniform_buffer_object GL_ARB_vertex_array_bgra GL_ARB_vertex_array_object GL_ARB_vertex_attrib_64bit GL_ARB_vertex_attrib_binding GL_ARB_vertex_buffer_object GL_ARB_vertex_program GL_ARB_vertex_shader GL_ARB_vertex_type_10f_11f_11f_rev GL_ARB_vertex_type_2_10_10_10_rev GL_ARB_viewport_array GL_ARB_window_pos GL_ATI_blend_equation_separate GL_ATI_draw_buffers GL_ATI_fragment_shader GL_ATI_meminfo GL_ATI_separate_stencil GL_ATI_texture_compression_3dc GL_ATI_texture_env_combine3 GL_ATI_texture_float GL_ATI_texture_mirror_once GL_EXT_abgr GL_EXT_bgra GL_EXT_blend_color GL_EXT_blend_equation_separate GL_EXT_blend_func_separate GL_EXT_blend_minmax GL_EXT_blend_subtract GL_EXT_compiled_vertex_array GL_EXT_copy_texture GL_EXT_depth_bounds_test GL_EXT_draw_buffers2 GL_EXT_draw_instanced GL_EXT_draw_range_elements GL_EXT_fog_coord GL_EXT_framebuffer_blit GL_EXT_framebuffer_multisample GL_EXT_framebuffer_multisample_blit_scaled GL_EXT_framebuffer_object GL_EXT_framebuffer_sRGB GL_EXT_gpu_program_parameters GL_EXT_memory_object GL_EXT_memory_object_fd GL_EXT_multi_draw_arrays GL_EXT_packed_depth_stencil GL_EXT_packed_float GL_EXT_packed_pixels GL_EXT_pixel_buffer_object GL_EXT_point_parameters GL_EXT_polygon_offset_clamp GL_EXT_provoking_vertex GL_EXT_rescale_normal GL_EXT_secondary_color GL_EXT_semaphore GL_EXT_semaphore_fd GL_EXT_separate_specular_color GL_EXT_shader_integer_mix GL_EXT_shadow_funcs GL_EXT_stencil_two_side GL_EXT_stencil_wrap GL_EXT_subtexture GL_EXT_texture GL_EXT_texture3D GL_EXT_texture_array GL_EXT_texture_compression_dxt1 GL_EXT_texture_compression_latc GL_EXT_texture_compression_rgtc GL_EXT_texture_compression_s3tc GL_EXT_texture_cube_map GL_EXT_texture_edge_clamp GL_EXT_texture_env_add GL_EXT_texture_env_combine GL_EXT_texture_env_dot3 GL_EXT_texture_filter_anisotropic GL_EXT_texture_integer GL_EXT_texture_lod_bias GL_EXT_texture_mirror_clamp GL_EXT_texture_object GL_EXT_texture_rectangle GL_EXT_texture_sRGB GL_EXT_texture_sRGB_decode GL_EXT_texture_shared_exponent GL_EXT_texture_snorm GL_EXT_texture_swizzle GL_EXT_timer_query GL_EXT_transform_feedback GL_EXT_vertex_array GL_EXT_vertex_array_bgra GL_IBM_multimode_draw_arrays GL_IBM_rasterpos_clip GL_IBM_texture_mirrored_repeat GL_INGR_blend_func_separate GL_KHR_blend_equation_advanced GL_KHR_context_flush_control GL_KHR_debug GL_KHR_no_error GL_KHR_robust_buffer_access_behavior GL_KHR_robustness GL_KHR_texture_compression_astc_ldr GL_MESA_pack_invert GL_MESA_shader_integer_functions GL_MESA_texture_signed_rgba GL_MESA_window_pos GL_NVX_gpu_memory_info GL_NV_blend_square GL_NV_conditional_render GL_NV_depth_clamp GL_NV_fog_distance GL_NV_light_max_exponent GL_NV_packed_depth_stencil GL_NV_primitive_restart GL_NV_texgen_reflection GL_NV_texture_barrier GL_NV_texture_env_combine4 GL_NV_texture_rectangle GL_NV_vdpau_interop GL_OES_EGL_image GL_OES_read_format GL_S3_s3tc GL_SGIS_generate_mipmap GL_SGIS_texture_border_clamp GL_SGIS_texture_edge_clamp GL_SGIS_texture_lod GL_SUN_multi_draw_arrays WebGL 1 Extensions: ANGLE_instanced_arrays EXT_blend_minmax EXT_color_buffer_half_float EXT_frag_depth EXT_sRGB EXT_shader_texture_lod EXT_texture_filter_anisotropic EXT_disjoint_timer_query OES_element_index_uint OES_standard_derivatives OES_texture_float OES_texture_float_linear OES_texture_half_float OES_texture_half_float_linear OES_vertex_array_object WEBGL_color_buffer_float WEBGL_compressed_texture_astc WEBGL_compressed_texture_etc WEBGL_compressed_texture_s3tc WEBGL_compressed_texture_s3tc_srgb WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_depth_texture WEBGL_draw_buffers WEBGL_lose_context WebGL 2 Driver WSI Info: GLX 1.4 GLX_VENDOR(client): Mesa Project and SGI GLX_VENDOR(server): SGI Extensions: GLX_ARB_create_context GLX_ARB_create_context_profile GLX_ARB_create_context_robustness GLX_ARB_fbconfig_float GLX_ARB_framebuffer_sRGB GLX_ARB_get_proc_address GLX_ARB_multisample GLX_EXT_buffer_age GLX_EXT_create_context_es2_profile GLX_EXT_create_context_es_profile GLX_EXT_fbconfig_packed_float GLX_EXT_framebuffer_sRGB GLX_EXT_import_context GLX_EXT_texture_from_pixmap GLX_EXT_visual_info GLX_EXT_visual_rating GLX_INTEL_swap_event GLX_MESA_copy_sub_buffer GLX_MESA_query_renderer GLX_MESA_swap_control GLX_OML_swap_method GLX_OML_sync_control GLX_SGIS_multisample GLX_SGIX_fbconfig GLX_SGIX_pbuffer GLX_SGIX_visual_select_group GLX_SGI_make_current_read GLX_SGI_swap_control GLX_SGI_video_sync WebGL 2 Driver Renderer: X.Org -- AMD Radeon HD 7700 Series (BONAIRE, DRM 3.26.0, 4.18.12-arch1-1-ARCH, LLVM 7.0.0) WebGL 2 Driver Version: 4.5 (Core Profile) Mesa 18.2.2 WebGL 2 Driver Extensions: GL_AMD_conservative_depth GL_AMD_draw_buffers_blend GL_AMD_performance_monitor GL_AMD_pinned_memory GL_AMD_seamless_cubemap_per_texture GL_AMD_shader_stencil_export GL_AMD_shader_trinary_minmax GL_AMD_vertex_shader_layer GL_AMD_vertex_shader_viewport_index GL_ANGLE_texture_compression_dxt3 GL_ANGLE_texture_compression_dxt5 GL_ARB_ES2_compatibility GL_ARB_ES3_1_compatibility GL_ARB_ES3_2_compatibility GL_ARB_ES3_compatibility GL_ARB_arrays_of_arrays GL_ARB_base_instance GL_ARB_bindless_texture GL_ARB_blend_func_extended GL_ARB_buffer_storage GL_ARB_clear_buffer_object GL_ARB_clear_texture GL_ARB_clip_control GL_ARB_color_buffer_float GL_ARB_compressed_texture_pixel_storage GL_ARB_compute_shader GL_ARB_compute_variable_group_size GL_ARB_conditional_render_inverted GL_ARB_conservative_depth GL_ARB_copy_buffer GL_ARB_copy_image GL_ARB_cull_distance GL_ARB_debug_output GL_ARB_depth_buffer_float GL_ARB_depth_clamp GL_ARB_derivative_control GL_ARB_direct_state_access GL_ARB_draw_buffers GL_ARB_draw_buffers_blend GL_ARB_draw_elements_base_vertex GL_ARB_draw_indirect GL_ARB_draw_instanced GL_ARB_enhanced_layouts GL_ARB_explicit_attrib_location GL_ARB_explicit_uniform_location GL_ARB_fragment_coord_conventions GL_ARB_fragment_layer_viewport GL_ARB_fragment_shader GL_ARB_framebuffer_no_attachments GL_ARB_framebuffer_object GL_ARB_framebuffer_sRGB GL_ARB_get_program_binary GL_ARB_get_texture_sub_image GL_ARB_gpu_shader5 GL_ARB_gpu_shader_fp64 GL_ARB_gpu_shader_int64 GL_ARB_half_float_pixel GL_ARB_half_float_vertex GL_ARB_indirect_parameters GL_ARB_instanced_arrays GL_ARB_internalformat_query GL_ARB_internalformat_query2 GL_ARB_invalidate_subdata GL_ARB_map_buffer_alignment GL_ARB_map_buffer_range GL_ARB_multi_bind GL_ARB_multi_draw_indirect GL_ARB_occlusion_query2 GL_ARB_pipeline_statistics_query GL_ARB_pixel_buffer_object GL_ARB_point_sprite GL_ARB_polygon_offset_clamp GL_ARB_program_interface_query GL_ARB_provoking_vertex GL_ARB_query_buffer_object GL_ARB_robust_buffer_access_behavior GL_ARB_robustness GL_ARB_sample_shading GL_ARB_sampler_objects GL_ARB_seamless_cube_map GL_ARB_seamless_cubemap_per_texture GL_ARB_separate_shader_objects GL_ARB_shader_atomic_counter_ops GL_ARB_shader_atomic_counters GL_ARB_shader_ballot GL_ARB_shader_bit_encoding GL_ARB_shader_clock GL_ARB_shader_draw_parameters GL_ARB_shader_group_vote GL_ARB_shader_image_load_store GL_ARB_shader_image_size GL_ARB_shader_objects GL_ARB_shader_precision GL_ARB_shader_stencil_export GL_ARB_shader_storage_buffer_object GL_ARB_shader_subroutine GL_ARB_shader_texture_image_samples GL_ARB_shader_texture_lod GL_ARB_shader_viewport_layer_array GL_ARB_shading_language_420pack GL_ARB_shading_language_packing GL_ARB_sparse_buffer GL_ARB_stencil_texturing GL_ARB_sync GL_ARB_tessellation_shader GL_ARB_texture_barrier GL_ARB_texture_buffer_object GL_ARB_texture_buffer_object_rgb32 GL_ARB_texture_buffer_range GL_ARB_texture_compression_bptc GL_ARB_texture_compression_rgtc GL_ARB_texture_cube_map_array GL_ARB_texture_filter_anisotropic GL_ARB_texture_float GL_ARB_texture_gather GL_ARB_texture_mirror_clamp_to_edge GL_ARB_texture_multisample GL_ARB_texture_non_power_of_two GL_ARB_texture_query_levels GL_ARB_texture_query_lod GL_ARB_texture_rectangle GL_ARB_texture_rg GL_ARB_texture_rgb10_a2ui GL_ARB_texture_stencil8 GL_ARB_texture_storage GL_ARB_texture_storage_multisample GL_ARB_texture_swizzle GL_ARB_texture_view GL_ARB_timer_query GL_ARB_transform_feedback2 GL_ARB_transform_feedback3 GL_ARB_transform_feedback_instanced GL_ARB_transform_feedback_overflow_query GL_ARB_uniform_buffer_object GL_ARB_vertex_array_bgra GL_ARB_vertex_array_object GL_ARB_vertex_attrib_64bit GL_ARB_vertex_attrib_binding GL_ARB_vertex_shader GL_ARB_vertex_type_10f_11f_11f_rev GL_ARB_vertex_type_2_10_10_10_rev GL_ARB_viewport_array GL_ATI_blend_equation_separate GL_ATI_meminfo GL_ATI_texture_float GL_ATI_texture_mirror_once GL_EXT_abgr GL_EXT_blend_equation_separate GL_EXT_depth_bounds_test GL_EXT_draw_buffers2 GL_EXT_draw_instanced GL_EXT_framebuffer_blit GL_EXT_framebuffer_multisample GL_EXT_framebuffer_multisample_blit_scaled GL_EXT_framebuffer_sRGB GL_EXT_memory_object GL_EXT_memory_object_fd GL_EXT_packed_depth_stencil GL_EXT_packed_float GL_EXT_pixel_buffer_object GL_EXT_polygon_offset_clamp GL_EXT_provoking_vertex GL_EXT_semaphore GL_EXT_semaphore_fd GL_EXT_shader_integer_mix GL_EXT_texture_array GL_EXT_texture_compression_dxt1 GL_EXT_texture_compression_rgtc GL_EXT_texture_compression_s3tc GL_EXT_texture_filter_anisotropic GL_EXT_texture_integer GL_EXT_texture_mirror_clamp GL_EXT_texture_sRGB GL_EXT_texture_sRGB_decode GL_EXT_texture_shared_exponent GL_EXT_texture_snorm GL_EXT_texture_swizzle GL_EXT_timer_query GL_EXT_transform_feedback GL_EXT_vertex_array_bgra GL_IBM_multimode_draw_arrays GL_KHR_blend_equation_advanced GL_KHR_context_flush_control GL_KHR_debug GL_KHR_no_error GL_KHR_robust_buffer_access_behavior GL_KHR_robustness GL_KHR_texture_compression_astc_ldr GL_MESA_pack_invert GL_MESA_shader_integer_functions GL_MESA_texture_signed_rgba GL_NVX_gpu_memory_info GL_NV_conditional_render GL_NV_depth_clamp GL_NV_packed_depth_stencil GL_NV_texture_barrier GL_NV_vdpau_interop GL_OES_EGL_image GL_S3_s3tc WebGL 2 Extensions: EXT_color_buffer_float EXT_texture_filter_anisotropic EXT_disjoint_timer_query OES_texture_float_linear WEBGL_compressed_texture_astc WEBGL_compressed_texture_etc WEBGL_compressed_texture_s3tc WEBGL_compressed_texture_s3tc_srgb WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_lose_context GPU #1 Active: Yes Description: X.Org -- AMD Radeon HD 7700 Series (BONAIRE, DRM 3.26.0, 4.18.12-arch1-1-ARCH, LLVM 7.0.0) Vendor ID: X.Org Device ID: AMD Radeon HD 7700 Series (BONAIRE, DRM 3.26.0, 4.18.12-arch1-1-ARCH, LLVM 7.0.0) Driver Version: 4.4 (Compatibility Profile) Mesa 18.2.2 Diagnostics AzureCanvasAccelerated: 0 AzureCanvasBackend: skia AzureContentBackend: skia AzureFallbackCanvasBackend: none CairoUseXRender: 0 Decision Log HW_COMPOSITING: blocked by default: Acceleration blocked by platform OPENGL_COMPOSITING: unavailable by default: Hardware compositing is disabled WEBRENDER: opt-in by default: WebRender is an opt-in feature unavailable by runtime: Hardware compositing is disabled OMTP: disabled by default: Disabled by default Media ----- Audio Backend: remote Max Channels: 2 Preferred Sample Rate: 44100 Output Devices Name: Group Built-in Audio Digital Stereo (IEC958): /devices/pci0000:00/0000:00:14.2/sound/card0 Input Devices Name: Group Monitor of Built-in Audio Digital Stereo (IEC958): /devices/pci0000:00/0000:00:14.2/sound/card0 Built-in Audio Analog Stereo: /devices/pci0000:00/0000:00:14.2/sound/card0 Important Modified Preferences ------------------------------ browser.cache.disk.capacity: 1048576 browser.cache.disk.filesystem_reported: 1 browser.cache.disk.smart_size.first_run: false browser.places.smartBookmarksVersion: 8 browser.startup.homepage_override.buildID: 20181003120558 browser.startup.homepage_override.mstone: 62.0.3 browser.urlbar.placeholderName: Google extensions.lastAppVersion: 62.0.3 media.gmp.storage.version.observed: 1 network.cookie.prefsMigrated: true places.history.expiration.transient_current_max_pages: 144831 plugin.disable_full_page_plugin_for_types: application/pdf privacy.sanitize.pending: [{"id":"newtab-container","itemsToClear":[],"options":{}}] security.sandbox.content.tempDirSuffix: 4f4612d0-9db5-438e-a164-80ca03db1458 signon.importedFromSqlite: true Important Locked Preferences ---------------------------- Places Database --------------- JavaScript ---------- Incremental GC: true Accessibility ------------- Activated: false Prevent Accessibility: 0 Library Versions ---------------- NSPR Expected minimum version: 4.20 Version in use: 4.20 NSS Expected minimum version: 3.39 Version in use: 3.39 NSSSMIME Expected minimum version: 3.39 Version in use: 3.39 NSSSSL Expected minimum version: 3.39 Version in use: 3.39 NSSUTIL Expected minimum version: 3.39 Version in use: 3.39 Sandbox ------- Seccomp-BPF (System Call Filtering): true Seccomp Thread Synchronization: true User Namespaces for privileged processes: true User Namespaces: false Content Process Sandboxing: true Media Plugin Sandboxing: true Content Process Sandbox Level: 4 Effective Content Process Sandbox Level: 4 Rejected System Calls --------------------- Internationalization & Localization ----------------------------------- Application Settings Requested Locales: ["en-US"] Available Locales: ["en-US"] App Locales: ["en-US","und"] Regional Preferences: ["en-US"] Default Locale: "und" Operating System System Locales: ["en-US"] Regional Preferences: ["en-US"]
Flags: needinfo?(znmeb)
Comment 53•6 years ago
|
||
(In reply to Eric Rescorla (:ekr) from comment #50) > Charlie: based on c8 above, it sounds like there may be a problem with > Release. znmeb can you re-confirm it happens in 62? > > c48: it seems like the problem here is that CDN nodes are broken and others > are not. I'm not znmeb, but I can confirm it happens on 62.0.3, Debian unstable.
Comment 54•6 years ago
|
||
(In reply to braiamp from comment #53) > (In reply to Eric Rescorla (:ekr) from comment #50) > > Charlie: based on c8 above, it sounds like there may be a problem with > > Release. znmeb can you re-confirm it happens in 62? > > > > c48: it seems like the problem here is that CDN nodes are broken and others > > are not. > > I'm not znmeb, but I can confirm it happens on 62.0.3, Debian unstable. Confirmed on 62 on Arch Linux - see screenshot
Updated•6 years ago
|
Comment hidden (typo) |
Comment 56•6 years ago
|
||
(In reply to znmeb from comment #52) > NSPR > Expected minimum version: 4.20 > Version in use: 4.20 > > NSS > Expected minimum version: 3.39 > Version in use: 3.39 https://download-installer.cdn.mozilla.net/pub/firefox/releases/62.0.3/linux-x86_64/de/firefox-62.0.3.tar.bz2 Official Firefox 62.0.3 has a different NSS version. That might be why I can't repro. NSPR Minimal vorausgesetzte Version: 4.19 Verwendete Version: 4.19 NSS Minimal vorausgesetzte Version: 3.38 Verwendete Version: 3.38 NSSSMIME Minimal vorausgesetzte Version: 3.38 Verwendete Version: 3.38 NSSSSL Minimal vorausgesetzte Version: 3.38 Verwendete Version: 3.38 NSSUTIL Minimal vorausgesetzte Version: 3.38 Verwendete Version: 3.38
Comment 57•6 years ago
|
||
This happens on https://www.tutorialspoint.com/ too.
Comment 58•6 years ago
|
||
Hi, TLS team lead for VDMS here. We've rolled back the change that creates this issue and we're investigating on our side. Thanks for the info and apologies for the disruption.
Comment 59•6 years ago
|
||
Now it works for me on both twitter and tutorialspoint. Thanks Marcus!
Comment 60•6 years ago
|
||
Now works for me on my-verizon: https://www.verizonwireless.com/my-verizon/
Comment 61•6 years ago
|
||
Franziskus, please take the lead on this.
Assignee: nobody → franziskuskiefer
Status: NEW → ASSIGNED
Comment 62•6 years ago
|
||
Tracking for 63 in case we have a dot release between 63 and 64 and we would have to take a ride-along fix.
Comment 63•6 years ago
|
||
Un-assigning from Franziskus, as the legwork was already done and per Comment 58 there's an upstream update. We'll see if we need to make any changes on our side.
Assignee: franziskuskiefer → nobody
Status: ASSIGNED → NEW
Updated•6 years ago
|
Updated•6 years ago
|
Comment 64•6 years ago
|
||
Untracking and wontfix for 63 since this is fixed upstream.
tracking-firefox63:
+ → ---
Updated•6 years ago
|
Updated•6 years ago
|
Comment 65•6 years ago
|
||
Resolving as invalid, since as far as I can tel this wasn't our bug.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
Comment hidden (spam) |
Comment hidden (spam) |
Comment hidden (spam) |
You need to log in
before you can comment on or make changes to this bug.
Description
•