HTTP SSL "Incorrect Message Authentication Code" error

VERIFIED DUPLICATE of bug 162752

Status

P3
normal
VERIFIED DUPLICATE of bug 162752
16 years ago
2 years ago

People

(Reporter: sharding, Assigned: ssaux)

Tracking

1.0 Branch
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

16 years ago
This is an offshoot from Bug �162752 which concerns incorrect MAC errors in IMAPS.

When going to
https://www.asecureserver.com/cgi-bin/makepage.cgi?orderforma.html, I get a
dialog box with the text: "www.asecureserver.com received a message with
incorrect Message Authentication Code. If the error occurs frequently, contact
the website administrator."

The URL loads correctly in IE and wget on the same machine.

This is Mozilla build 2002082909 on Mac OS X 10.2.

Comment 1

16 years ago
Confirmed using FizzillaCFM/2002090508 on 10.1.5. It works fine using
Chimera/2002090505.
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 2

16 years ago
Confirmed with Moz1.2a (20020910) under Windows using a different server.

Updated

16 years ago
Keywords: nsbeta1
OS: MacOS X → All
Priority: -- → P3
Hardware: Macintosh → All
Version: unspecified → 2.4

Updated

16 years ago
Blocks: 169277

Comment 3

16 years ago
A workaround is to disable TLS. Edit>Prefs>Privacy>SSL

Comment 4

16 years ago
I get the same on Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1)
Gecko/20020826 on a different server.  It's odd because the server was working
earlier today, and now it's not, and I haven't changed anything on the server or
in Mozilla (though I may have checked 'save this certificate', which is the
standard snakeoil.dom dummy cert apache/modssl creates).

Comment 5

16 years ago
I tried disabling TLSv1 as junruh suggested, but that did not help.  I checked
the ssl_error_log on the server and found this bit of helpful info:

[Wed Sep 18 16:03:51 2002] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered details
of a re-created server certificate?]
[Wed Sep 18 16:03:56 2002] [error] mod_ssl: SSL handshake failed (server
bart.tajmahome.com:443, client 63.143.133.130) (OpenSSL library error follows)
[Wed Sep 18 16:03:56 2002] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered details
of a re-created server certificate?]
[Wed Sep 18 16:18:10 2002] [error] mod_ssl: SSL handshake failed (server
bart.tajmahome.com:443, client 63.143.133.130) (OpenSSL library error follows)

As openssl is suggesting, I think this is what's happening, since I'm using the
www.snakeoil.dom certificate - but I'm using different snakeoil.dom certificates
on different sites, as on each server I run "make certificate type=dummy" when
installing apache.  As I said above, this problem only started happening when I
clicked "remember this cert".  I tried to go in and delete the cert, but when I
clicked delete, nothing happened, and it looks like they're stored in a binary
file so I can't manually delete the cert.  Is there another way?  

For the time being I guess I'll just make a different cert for this server.

Comment 6

16 years ago
With the latest nightly build from www.mozilla.org, you can delete web site 
certs.

Comment 7

16 years ago
I also see this at "http://www.bokkilden.no". Press the green button named "LOGG
INN" on the left frame.

This error appears on 1.2a, but not on 1.1.

Comment 8

16 years ago
The site mentioned above is TLS intolerant - IBM_HTTP_Server/1.3.6.3
Apache/1.3.7-dev (Win32). Try disabling TLS.

Comment 9

16 years ago
I managed to get around the certificate problem I mentioned above by deleting
the www.snakeoil.dom certificate.  However, on another server, I get the
"Incorrect Message Authentication Code" error.  I am using Mozilla/5.0 (Windows;
U; Windows NT 5.0; en-US; rv:1.2a) Gecko/20020910.

Following is the portion of the ssl_engine_log from when I try to connect with
Mozilla:

[25/Sep/2002 16:19:25 14609] [info]  Connection to child 0 established (server
secure.alexandivy.com:443, client 63.143.133.130)
[25/Sep/2002 16:19:25 14609] [info]  Seeding PRNG with 1160 bytes of entropy
[25/Sep/2002 16:19:25 14609] [error] SSL handshake failed (server
secure.alexandivy.com:443, client 63.143.133.130) (OpenSSL library error follows)
[25/Sep/2002 16:19:25 14609] [error] OpenSSL:
error:1408F455:lib(20):func(143):reason(1109)

Following is the section of the log when I connect with IE6:

[25/Sep/2002 16:20:24 14616] [info]  Connection to child 6 established (server
secure.alexandivy.com:443, client 63.143.133.130)
[25/Sep/2002 16:20:24 14616] [info]  Seeding PRNG with 1160 bytes of entropy
[25/Sep/2002 16:20:24 14616] [info]  Connection: Client IP: 63.143.133.130,
Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[25/Sep/2002 16:20:24 14616] [info]  Initial (No.1) HTTPS request received for
child 6 (server secure.alexandivy.com:443)
[25/Sep/2002 16:20:24 14616] [info]  Connection to child 6 closed with unclean
shutdown (server secure.alexandivy.com:443, client 63.143.133.130)

Someone above had suggested disabling TLS in Mozilla; I have done that and it
still does not work.  The last time this happened, I uninstalled Mozilla,
deleted the remaining files in the Application Data directory, and reinstalled
and it worked.  I'm going to try phoenix now and see if that works, since I
don't feel like uninstalling and reinstalling Mozilla again.

Comment 10

16 years ago
I should have added that when I connected with IE6, it worked fine.  Also, I
just tried with "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b)
Gecko/20020923 Phoenix/0.1" and it seems to work fine.

Comment 11

16 years ago
The nightly versions compiled before september seem to work well. A version
dated of 15 august works well. Why did the bug appeared? Maybe analysing chenges
in the source could help...

Comment 12

16 years ago
Sticking with the original bug, marking this a dupe of bug 162752 - TLS 
intolerant server problem.
Evan Hoffman, your problem appears to be a duplicate of bug 169696 and not 
related to TLS intolerance.

*** This bug has been marked as a duplicate of 162752 ***
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE

Comment 13

16 years ago
Verified.
Status: RESOLVED → VERIFIED

Comment 14

16 years ago
I tested the patch from bug 163605 will fix this problem.
Depends on: 163605

Updated

14 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

10 years ago
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.