Closed
Bug 166931
Opened 22 years ago
Closed 22 years ago
HTTP SSL "Incorrect Message Authentication Code" error
Categories
(Core Graveyard :: Security: UI, defect, P3)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 162752
People
(Reporter: sharding, Assigned: ssaux)
References
()
Details
This is an offshoot from Bug �162752 which concerns incorrect MAC errors in IMAPS. When going to https://www.asecureserver.com/cgi-bin/makepage.cgi?orderforma.html, I get a dialog box with the text: "www.asecureserver.com received a message with incorrect Message Authentication Code. If the error occurs frequently, contact the website administrator." The URL loads correctly in IE and wget on the same machine. This is Mozilla build 2002082909 on Mac OS X 10.2.
Confirmed using FizzillaCFM/2002090508 on 10.1.5. It works fine using Chimera/2002090505.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•22 years ago
|
||
Confirmed with Moz1.2a (20020910) under Windows using a different server.
Updated•22 years ago
|
Keywords: nsbeta1
OS: MacOS X → All
Priority: -- → P3
Hardware: Macintosh → All
Version: unspecified → 2.4
Comment 3•22 years ago
|
||
A workaround is to disable TLS. Edit>Prefs>Privacy>SSL
Comment 4•22 years ago
|
||
I get the same on Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826 on a different server. It's odd because the server was working earlier today, and now it's not, and I haven't changed anything on the server or in Mozilla (though I may have checked 'save this certificate', which is the standard snakeoil.dom dummy cert apache/modssl creates).
Comment 5•22 years ago
|
||
I tried disabling TLSv1 as junruh suggested, but that did not help. I checked the ssl_error_log on the server and found this bit of helpful info: [Wed Sep 18 16:03:51 2002] [error] OpenSSL: error:1408F071:SSL routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered details of a re-created server certificate?] [Wed Sep 18 16:03:56 2002] [error] mod_ssl: SSL handshake failed (server bart.tajmahome.com:443, client 63.143.133.130) (OpenSSL library error follows) [Wed Sep 18 16:03:56 2002] [error] OpenSSL: error:1408F071:SSL routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered details of a re-created server certificate?] [Wed Sep 18 16:18:10 2002] [error] mod_ssl: SSL handshake failed (server bart.tajmahome.com:443, client 63.143.133.130) (OpenSSL library error follows) As openssl is suggesting, I think this is what's happening, since I'm using the www.snakeoil.dom certificate - but I'm using different snakeoil.dom certificates on different sites, as on each server I run "make certificate type=dummy" when installing apache. As I said above, this problem only started happening when I clicked "remember this cert". I tried to go in and delete the cert, but when I clicked delete, nothing happened, and it looks like they're stored in a binary file so I can't manually delete the cert. Is there another way? For the time being I guess I'll just make a different cert for this server.
Comment 6•22 years ago
|
||
With the latest nightly build from www.mozilla.org, you can delete web site certs.
Comment 7•22 years ago
|
||
I also see this at "http://www.bokkilden.no". Press the green button named "LOGG INN" on the left frame. This error appears on 1.2a, but not on 1.1.
Comment 8•22 years ago
|
||
The site mentioned above is TLS intolerant - IBM_HTTP_Server/1.3.6.3 Apache/1.3.7-dev (Win32). Try disabling TLS.
Comment 9•22 years ago
|
||
I managed to get around the certificate problem I mentioned above by deleting the www.snakeoil.dom certificate. However, on another server, I get the "Incorrect Message Authentication Code" error. I am using Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2a) Gecko/20020910. Following is the portion of the ssl_engine_log from when I try to connect with Mozilla: [25/Sep/2002 16:19:25 14609] [info] Connection to child 0 established (server secure.alexandivy.com:443, client 63.143.133.130) [25/Sep/2002 16:19:25 14609] [info] Seeding PRNG with 1160 bytes of entropy [25/Sep/2002 16:19:25 14609] [error] SSL handshake failed (server secure.alexandivy.com:443, client 63.143.133.130) (OpenSSL library error follows) [25/Sep/2002 16:19:25 14609] [error] OpenSSL: error:1408F455:lib(20):func(143):reason(1109) Following is the section of the log when I connect with IE6: [25/Sep/2002 16:20:24 14616] [info] Connection to child 6 established (server secure.alexandivy.com:443, client 63.143.133.130) [25/Sep/2002 16:20:24 14616] [info] Seeding PRNG with 1160 bytes of entropy [25/Sep/2002 16:20:24 14616] [info] Connection: Client IP: 63.143.133.130, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits) [25/Sep/2002 16:20:24 14616] [info] Initial (No.1) HTTPS request received for child 6 (server secure.alexandivy.com:443) [25/Sep/2002 16:20:24 14616] [info] Connection to child 6 closed with unclean shutdown (server secure.alexandivy.com:443, client 63.143.133.130) Someone above had suggested disabling TLS in Mozilla; I have done that and it still does not work. The last time this happened, I uninstalled Mozilla, deleted the remaining files in the Application Data directory, and reinstalled and it worked. I'm going to try phoenix now and see if that works, since I don't feel like uninstalling and reinstalling Mozilla again.
Comment 10•22 years ago
|
||
I should have added that when I connected with IE6, it worked fine. Also, I just tried with "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20020923 Phoenix/0.1" and it seems to work fine.
Comment 11•22 years ago
|
||
The nightly versions compiled before september seem to work well. A version dated of 15 august works well. Why did the bug appeared? Maybe analysing chenges in the source could help...
Comment 12•22 years ago
|
||
Sticking with the original bug, marking this a dupe of bug 162752 - TLS intolerant server problem. Evan Hoffman, your problem appears to be a duplicate of bug 169696 and not related to TLS intolerance. *** This bug has been marked as a duplicate of 162752 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Comment 14•22 years ago
|
||
I tested the patch from bug 163605 will fix this problem.
Depends on: 163605
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•