Closed Bug 1590610 Opened 6 years ago Closed 6 years ago

Website loading hangs on TLS handshake after using PIV card login

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
70 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: torstenvl, Unassigned, NeedInfo)

Details

Attachments

(7 files)

Screen Shot 2019-10-22 at 20.39.04.png
590.35 KB, image/png
Details
Screenshots
669.27 KB, image/png
Details
Screen Shot 2019-10-24 at 23.19.10.png
696.95 KB, image/png
Details
FFX - Hang when accessing OWA.txt
103.89 KB, text/plain
Details
FFX - Network Hang after PIV Login.txt
114.02 KB, text/plain
Details
FFX - Network Hang after PIV Login 2.txt
109.35 KB, text/plain
Details
FFX - Application Hang on Quit after Network Hang.txt
92.73 KB, text/plain
Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Steps to reproduce:

(1) Log onto a secure website using a PIV token or CAC card (e.g., https://owa.usmc.mil/owa/).
(2) Close the tab and wait ~60s.
(3) Attempt to open any other secure website.

Actual results:

Network hang on "Performing a TLS handshake..." followed by timeout message.

Expected results:

Load website.

Component: Untriaged → Networking: HTTP
Product: Firefox → Core

Dana, could you take a look?
Thanks.

Component: Networking: HTTP → Security: PSM
Flags: needinfo?(dkeeler)

What does "log onto a secure website" mean - does the token pin prompt come up? Does the client certificate selection dialog come up? If so, can you attach a packet trace of the TLS handshake? What does "any other secure website" mean? Other websites that require client certificate authentication? Or any other https website?
Also, can you please do the following when the hang occurs:

  1. set devtools.chrome.enabled to true in about:config
  2. check if there are any errors in the browser console (cmd + shift + j)
  3. run the following in the browser console to deliberately crash Firefox so we can have a look at what's running when that hang occurs:
Cu.import("resource://gre/modules/ctypes.jsm");
let zero = new ctypes.intptr_t(8);
let badptr = ctypes.cast(zero, ctypes.PointerType(ctypes.int32_t));
badptr.contents;

(submit the crash report and then link to it in this bug)
Thanks!

Flags: needinfo?(dkeeler) → needinfo?(torstenvl)

Yes. When one logs onto a secure website using a PIV token/CAC card, the pin and client certificate selection dialogs come up (in that order).

Your suggested next steps are not possible, because Firefox hangs. Spinning beach ball of death, no response to cmd + shift + j, no response to anything.

Flags: needinfo?(torstenvl)
Attached image Screenshots

Nothing at all that looks useful.

Error message when attempting to deliberately crash Firefox...

Flags: needinfo?(torstenvl)

The priority flag is not set for this bug.
:keeler, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(dkeeler)

Thanks! Unfortunately without symbols those stack traces don't tell me much. Can you repeat that using Nightly? (https://www.mozilla.org/en-US/firefox/channel/desktop/)

Flags: needinfo?(dkeeler) → needinfo?(torstenvl)
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: