Closed Bug 1539116 Opened 5 years ago Closed 5 years ago

Can't access "Learn more" links for secure connection failures caused by skewed system clock since SUMO pages produce a secure connection error

Categories

(support.mozilla.org :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1499334

People

(Reporter: public, Unassigned)

Attachments

(3 files)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0

Steps to reproduce:

  1. Change system clock to last year
  2. Open any HTTPS page
  3. Click the learn more link in the warning

Actual results:

The "learn more" link opens a page with another (more cryptic, old-style) warning, not allowing the user to learn more, until they've fixed the problem from the first warning.

Expected results:

The "learn more" link should work in some way (open an in-page popup with the information rather than try to load another https site, or use a http link for this one instance where https will not work on any page), or give some indication that the warning needs to be fixed first before the user can do anything else.
Additionally, the cryptic second warning shouldn't have been shown anyway as the incorrect clock was the actual cause, and should've been the message shown.

Incidentally, the "learn more" link from the second warning also won't work, so perhaps something in general needs to be done about giving users a link to https://support.mozilla.org, when the error is about support.mozilla.org itself, or the user can't load any HTTPS pages due to the incorrect clock.

Attached image Key-pinning-warning.png

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
20190326095147

(In reply to Matt from comment #0)

> The "learn more" link opens a page with another (more cryptic, old-style) warning

I can't reproduce this.

> not allowing the user to learn more, until they've fixed the problem from the first warning.

That's a general issue that's not specific to incorrect date or time. Changing the summary to reflect that.

Component: Untriaged → General
OS: Unspecified → All
Product: Firefox → support.mozilla.org
Hardware: Unspecified → All
Summary: "Learn more" link on "incorrect clock" SSL warning is useless → Can't access "Learn more" links for secure connection failures, since they require a secure connection
Version: 66 Branch → unspecified

I can confirm this bug. The problem occurs when I set the computer clock back a year. When I visit https://www.facebook.com or https://blog.mozilla.org/ in Firefox 66, I see a "Your Computer Clock is Wrong" error page with a "Learn more" link to https://support.mozilla.org/1/firefox/66.0.1/WINNT/en-US/time-errors ... which in turn produces a "Secure Connection Failed" error page. When I visit https://support.mozilla.org directly, I either get a "Your Computer Clock is Wrong" error or a "Secure Connection Failed" error.

The problem doesn't occur when the system clock is set to the correct date. These test pages from https://badssl.com/ produce error pages with Learn more links to SUMO articles that work:
"Secure Connection Failed" errors: https://revoked.badssl.com/ and https://pinning-test.badssl.com/
"Did Not Connect" error: https://subdomain.preloaded-hsts.badssl.com/

Status: UNCONFIRMED → NEW
Ever confirmed: true
See Also: → 1491498
Summary: Can't access "Learn more" links for secure connection failures, since they require a secure connection → Can't access "Learn more" links for secure connection failures caused by skewed system clock since SUMO pages produce a secure connection error

(In reply to Gingerbread Man from comment #2)

> Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
> 20190326095147
>
> (In reply to Matt from comment #0)
>
> > The "learn more" link opens a page with another (more cryptic, old-style) warning
>
> I can't reproduce this.

Yes, I get the MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE error now even on HSTS sites, rather than MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE, so I'm assuming something to do with HSTS is cached somewhere. Or were the new error pages only partially rolled out when I tried before?

This bug looks like a duplicate of bug 1499334 (please reopen if it isn't).

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE

(from comment #3)

> I can confirm this bug. The problem occurs when I set the computer clock back a year. When I visit https://www.facebook.com or https://blog.mozilla.org/ in Firefox 66, I see a "Your Computer Clock is Wrong" error page with a "Learn more" link to https://support.mozilla.org/1/firefox/66.0.1/WINNT/en-US/time-errors ... which in turn produces a "Secure Connection Failed" error page. When I visit https://support.mozilla.org directly, I either get a "Your Computer Clock is Wrong" error or a "Secure Connection Failed" error.

More info: With the clock set back a year, I was seeing "Secure Connection Failed" error pages for support.mozilla.org in my normal, highly customized Firefox profile. In a newer profile, I saw a "Your Computer Clock is Wrong" error page, both for direct SUMO links and Learn more error page links. After using the "Clear Recent History" option to clear all history and site data in my normal profile, I also see "Your Computer Clock is Wrong" error pages (instead of "Secure Connection Failed") for direct SUMO links and Learn more links.

(In reply to Matt from comment #0)

> The "learn more" link should work in some way (open an in-page popup with the information rather than try to load another https site, or use a http link for this one instance where https will not work on any page), or give some indication that the warning needs to be fixed first before the user can do anything else.

Even so, I still think this bug is a duplicate of bug 1499334 since both bugs involve not being able to access Learn more links in secure connection error pages if support.mozilla.org is unreachable. Bug 1499334 suggests hiding the Learn more link.

See also bug 1314470 comment 4 from two years ago by Johann Hofmann (quote):

> Yeah, the fact that people might not be able to visit the "Learn More" link was discussed but nobody has come up with a better solution so far. We could make a bug, maybe someone has an idea how to solve this (without copying the whole troubleshooting page into m-c).

See Also: → 1314470