When trying to access given URL (credit-card company), mozilla pauses for a few seconds and then outputs: "Error establishing an encrypted connection to secure.cal-online.co.il error code -5933" Tracking the source code, it seems to be called from http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSIOLayer.cpp#1293 because this is the only place it's not checked to be an SEC or SSL error (which it's not). I can always reproduce this bug, but IIRC the site works fine on Linux. I'm using Mozilla 2002061104 (1.1 alpha)
Confirmed also under Linux 2002052918 (Mozilla 1.0)
Works for me. There were problems with the Verisign Class 3 CA in older builds, but this works now. Reporter, please try again with today's build.
Rechecked on today's build on WinNT 2002071708, same result. Also, the browser does not load any pages, and will not close after visiting the site. Requires killing the browser from task manager. Potential DoS?
Update: this fails with paypal.com as well, but sourceforge.net works ok. This is probably due to some kind of firewall installed here (technion.ac.il).
Created attachment 91803 [details] Packet dump of problematic connection to PayPal I have added a tcpdump output (cut down) of the failed connection to PayPal.
Reporter, can you try a new profile, or if you are not using personal certificates for client authentication or secure email, delete the *.db files in your profile, restart the browser and try the site again?
Deleted *.db in my profile, still happening with www.paypal.com.
Do you have FIPS enabled or OCSP on? Edit>Prefs>Privacy>Certificates>Manage Security Devices Edit>Prefs>Privacy>Validation.
Looking at the packet dump, I can see that besides a connection to www.paypal.com:443 there is also a connection attempt to ocsp.verisign.com:80 That means you have OCSP turned on. As a workaround, you can disable OCSP (edit/prefs/privacy/validation). You say there is a firewall at your place. Do you have to use a proxy to connect to remote sites? Should a connection from your machine to ocsp.verisign.com:80 go through without using a proxy? (Note to others looking at the bug: You can read the attachment using "tcpdump -r filename -n")
Yes, my connection requires a firewall for non-israelli sites for port 80, and yes one was configured (I cut the HTTP access to the firewall from the packet dump). Also, for reading the dump, I recommend ethereal from http://www.ethereal.com (open source). I'll check the recommendations in comment 9 as soon as I'm back to the office (where I have these problems).
Ok, if you need a proxy, then it will not work at the moment. Please see the duplicate bug. *** This bug has been marked as a duplicate of 111384 ***