Closed Bug 1630851 Opened 5 years ago Closed 4 years ago

Google sites don't load with http/3 enabled

Categories

(Core :: Networking: HTTP, defect, P2)

Product:
Core
Component:
Networking: HTTP
Version:
75 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox80 --- fixed

People

(Reporter: astrothayne, Assigned: grover)

References

Details

(Whiteboard: [necko-triaged])

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0

Steps to reproduce:

  1. Enable network.http.http3.enabled in about:config
  2. Go to www.google.com

Actual results:

I got a "Connection timed out" error. If I disabled network.http.http3.enabled, google sites started loading again.

Strangely after re-enabling http3 it stopped happening. so maybe it is intermitant

Expected results:

google sites should work with http/3

Component: Untriaged → Networking: HTTP
Product: Firefox → Core

Resetting severity to default of --.

Andy, can you look at this please?

Assignee: nobody → agrover
Priority: -- → P1
Whiteboard: [necko-triaged]

P1-> P2 because http3 not enabled by default.

see also bug 1629090, we're having trouble with reproducability because google is not yet enabling h3-27 via AltSvc in all geos.

Priority: P1 → P2

I have some more information on this. I encountered it again (with http/3 enabled), and when I did a hard refresh (Ctrl+Shift+R), the google site was able to load again. This suggests to me that some cache is involved.

One way to get more info is to bring up the network monitor (Ctrl-shift-E), hit F5 to refresh, then right click the header and make sure "Protocol" column is selected. Check the "eDisable cache" checkbox too. Refresh again -- this should avoid the cache. Are you seeing HTTP/3 requests being made to the Google site?ee

Flags: needinfo?(thayne)

When I get into this state, nothing shows up in the network monitor even after I refresh. (unless refreshing fixes it)

Flags: needinfo?(thayne)
See Also: → 1636479
See Also: → 1643165

I get more or less this on 80.0a1 also. If I enable http3, then google (but not other https sites!) stops working, claiming I could not validate the certificate the site sent. Even some sub-domains of google.com did work, but not the "front" search engine url.

Unsetting the http3.enable in about:config immedately made google.com work again.

And tested to re-enable http3 again as mentioned above, and it "fixed" it. Got some http3 things (ads mostly) from google even.

I see this problem, too. I re-enabled network.http.http3.enabled in yesterday's Nightly to verify whether bug 1648553 was fixed. I can no longer reproduce bug 1648553, but now Google sites (including Gmail and google.com search) eventually stop loading and Firefox reports this error message:

Secure Connection Failed

An error occurred during a connection to www.google.com.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

Non-Google sites like cnn.com load fine.

status-firefox80: --- → affected
See Also: → 1646961

(In reply to Chris Peterson [:cpeterson] from comment #10)

I see this problem, too. I re-enabled network.http.http3.enabled in yesterday's Nightly to verify whether bug 1648553 was fixed. I can no longer reproduce bug 1648553, but now Google sites (including Gmail and google.com search) eventually stop loading and Firefox reports this error message:

Secure Connection Failed

An error occurred during a connection to www.google.com.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

Non-Google sites like cnn.com load fine.

I had a quick look. So there are 2 problems:

  1. We get a PROTOCOL_VIOLATION (0xA) error from the peer. I will open a github issue for this. Recently I updated support for draft29 and draft28 by default maybe that introduce the error. Previously we only had support for 27. Support for 28 was disabled.
  2. So the peer returns that error but necko have not pick it up. This usually happens by receiving a ConnectionClosing or ConnectionClosed event. I have a feeling that this is a bug in neqo as well.

I will investigate it further.

You may have already noticed this but let me just mention that in neqo_glue/src/lib.rs we need to pass in the protocol version in use, it's hardcoded to Draft27 atm.

I think we have fixed 1 but 2 needs Neqo 0.4.6 or later. Google properties seem to work ok but not great for me now.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.