[OCSP] [FIREWALL] SSL Error -5933 at given site

VERIFIED DUPLICATE of bug 111384

Status

Core Graveyard
Security: UI
P3
normal
VERIFIED DUPLICATE of bug 111384
16 years ago
a year ago

People

(Reporter: Alon Altman, Assigned: Stephane Saux)

Tracking

(Blocks: 1 bug)

1.0 Branch
x86
All

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

16 years ago
When trying to access given URL (credit-card company), mozilla pauses for a few
seconds and then outputs:

"Error establishing an encrypted connection to secure.cal-online.co.il error
code -5933"

Tracking the source code, it seems to be called from
http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSIOLayer.cpp#1293
because this is the only place it's not checked to be an SEC or SSL error (which
it's not).

I can always reproduce this bug, but IIRC the site works fine on Linux.

I'm using Mozilla 2002061104 (1.1 alpha)
(Reporter)

Comment 1

16 years ago
Confirmed also under Linux 2002052918 (Mozilla 1.0)
OS: Windows 2000 → All
-> PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: other → unspecified

Comment 3

16 years ago
Works for me. There were problems with the Verisign Class 3 CA in older builds, 
but this works now. Reporter, please try again with today's build.
Severity: major → normal
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Priority: -- → P3
Resolution: --- → WORKSFORME
Version: unspecified → 2.3
(Reporter)

Comment 4

16 years ago
Rechecked on today's build on WinNT 2002071708, same result.

Also, the browser does not load any pages, and will not close after visiting the
site. Requires killing the browser from task manager. Potential DoS?
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
(Reporter)

Comment 5

16 years ago
Update: this fails with paypal.com as well, but sourceforge.net works ok.

This is probably due to some kind of firewall installed here (technion.ac.il).
(Reporter)

Comment 6

16 years ago
Created attachment 91803 [details]
Packet dump of problematic connection to PayPal

I have added a tcpdump output (cut down) of the failed connection to PayPal.

Comment 7

16 years ago
Reporter, can you try a new profile, or if you are not using personal 
certificates for client authentication or secure email, delete the *.db files 
in your profile, restart the browser and try the site again?
(Reporter)

Comment 8

16 years ago
Deleted *.db in my profile, still happening with www.paypal.com.

Comment 9

16 years ago
Do you have FIPS enabled or OCSP on? 
Edit>Prefs>Privacy>Certificates>Manage Security Devices
Edit>Prefs>Privacy>Validation.

Comment 10

16 years ago
Looking at the packet dump, I can see that besides a connection to
www.paypal.com:443 there is also a connection attempt to ocsp.verisign.com:80

That means you have OCSP turned on. As a workaround, you can disable OCSP
(edit/prefs/privacy/validation).

You say there is a firewall at your place. Do you have to use a proxy to connect
to remote sites? Should a connection from your machine to ocsp.verisign.com:80
go through without using a proxy?

(Note to others looking at the bug: You can read the attachment using "tcpdump
-r filename -n")
Blocks: 157555
Summary: SSL Error -5933 at given site → [OCSP] [FIREWALL] SSL Error -5933 at given site
(Reporter)

Comment 11

16 years ago
Yes, my connection requires a firewall for non-israelli sites for port 80, and
yes one was configured (I cut the HTTP access to the firewall from the packet dump).

Also, for reading the dump, I recommend ethereal from http://www.ethereal.com
(open source). I'll check the recommendations in comment 9 as soon as I'm back
to the office (where I have these problems).

Comment 12

16 years ago
Ok, if you need a proxy, then it will not work at the moment. Please see the
duplicate bug.


*** This bug has been marked as a duplicate of 111384 ***
Status: REOPENED → RESOLVED
Last Resolved: 16 years ago16 years ago
Resolution: --- → DUPLICATE

Comment 13

16 years ago
Verified dupe.
Status: RESOLVED → VERIFIED

Updated

13 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

10 years ago
Version: psm2.3 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.