Closed Bug 1686362 Opened 4 years ago Closed 4 years ago

YouTube stopped working today when Nightly Experimental HTTPS 3 enabled

Categories

(Core :: Networking: HTTP, defect)

Firefox 86
defect

RESOLVED INVALID

People

(Reporter: nycitykpop, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0

Steps to reproduce:

Went to YouTube.com and got an error message saying could not connect. no secure connection available (similar)

Actual results:

Went to YouTube.com and got an error message saying could not connect. no secure connection available (similar). I had Experimental HTTP 3 enabled for the past week. After updating YouTube stopped working. I disabled HTTP 3 then YouTube started working again. Afterwards, I re-enabled HTTP 3 and YouTube still works now. The browser stopped working after the Firefox Nightly update. I had to disable then re-enable HTTP 3 to get YouTube to work again. Other Websites were mostly working. There were a few who did not.

Expected results:

YouTube should have loaded when Experimental HTTP 3 was enabled after Firefox Nightly update.

I am still having the same problem on https://www.ic3.gov/
The exact message was:

Secure Connection Failed
An error occurred during a connection to www.ic3.gov. PR_CONNECT_RESET_ERROR
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

The message I got on YouTube DID NOT say PR_CONNECT_RESET_ERROR. It didn't give an error code but the rest of the message was the same.

I turned off experimental HTTP 3 but still get the same error message. I cannot access https://www.ic3.gov on Firefox Nightly whether HTTP 3 is enabled or not.

I have the following SSL protocols set in about:support

security.ssl.require_safe_negotiation true
security.ssl.treat_unsafe_negotiation_as_broken true

security.ssl3.ecdhe_ecdsa_aes_128_sha false
security.ssl3.ecdhe_ecdsa_aes_256_sha false
security.ssl3.ecdhe_rsa_aes_128_sha false
security.ssl3.ecdhe_rsa_aes_256_sha false
security.ssl3.rsa_aes_128_gcm_sha256 false
security.ssl3.rsa_aes_128_sha false
security.ssl3.rsa_aes_256_gcm_sha384 false
security.ssl3.rsa_aes_256_sha false
security.ssl3.rsa_des_ede3_sha false

Qualys SSL Labs "Client Test" report says these are enabled (https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html)
TLS_AES_128_GCM_SHA256 (0x1301) Forward Secrecy 128
TLS_CHACHA20_POLY1305_SHA256 (0x1303) Forward Secrecy 256
TLS_AES_256_GCM_SHA384 (0x1302) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256

Hello,

I’ve attempted to reproduce the issue on the latest Nightly (86.0a1/20210113213439), Beta (85.0b8/20210112185508) and Release (84.0.2/20210105180113) under Windows 10 x64, without success however.

Browsing through about:config, I’ve found a pref called network.http.http3.enabled, set it to true and accessed the mentioned websites, but I had no problem connecting to them.

Is that the pref you changed when you enabled/disabled HTTP 3 in Comment 2, or another one?

Furthermore, I’ve also tried accessing those sites with the “Enable HTTPS-Only Mode in all windows” option enabled in about:preferences#privacy (bottom of the page) as I saw this option might cause connection issues. The same results were obtained. I can access the sites without connection issues.

Could you please provide more detailed steps to reproduce, including any options/preferences you might have enabled?

Thank you!

Flags: needinfo?(kpopempire)

I used the Preferences page under the experimental tab to make changes to the HTTPS 3. I did not use the about:config to make changes to the HTTP 3 settings. Right now it is turned off because https://www12.9anime.to will not show the video episodes on the various videos with HTTP 3 enabled. You can toggle HTTP 3 on and off with www12.9anime.to in order to see the effects on the pages of the various anime episodes. I am still unable to access ic3.gov no matter what I do.

The only changes I made in about:config are the changes I listed above. I also disabled all ffvpx settings in order to get VAAPI hardware acceleration to work on 8K videos on YouTube without sending my CPU through the roof.

Yes, I have HTTPS-Only enabled just as you did.

Here are my settings from the bottom of about:support:

Experimental Features
Name Value
about:home startup cache (browser.startup.homepage.abouthome_cache.enabled) true
Cookies: SameSite=Lax by default (network.cookie.sameSite.laxByDefault) true
Cookies: SameSite=None requires secure attribute (network.cookie.sameSite.noneRequiresSecure) true
Cookies: Schemeful SameSite (network.cookie.sameSite.schemeful) true
CSS: Constructable Stylesheets (layout.css.constructable-stylesheets.enabled) false
CSS: Pseudo-class: :focus-visible (layout.css.focus-visible.enabled) true
CSS: Masonry Layout (layout.css.grid-template-masonry-value.enabled) true
Developer Tools: Color Scheme Simulation (devtools.inspector.color-scheme-simulation.enabled) false
Developer Tools: Compatibility Panel (devtools.inspector.compatibility.enabled) true
Developer Tools: Execution Context Selector (devtools.webconsole.input.context) true
Developer Tools: Service Worker debugging (devtools.debugger.features.windowless-service-workers) false
Fission (Site Isolation) (fission.autostart) true
HTTP/3 protocol (network.http.http3.enabled) false
Multiple Picture-in-Picture Support (media.videocontrols.picture-in-picture.allow-multiple) true
Print Preview Redesign (print.tab_modal.enabled) true
Web API: beforeinput Event (dom.input_events.beforeinput.enabled) true
Web API: inputmode (dom.forms.inputmode) true
Web API: <link rel="preload"> (network.preload) true
Web API: WebGPU (dom.webgpu.enabled) true
WebRTC Global Mute Toggles (privacy.webrtc.globalMuteToggles) false
Important Modified Preferences
Name Value
browser.contentblocking.category strict
browser.search.region US
browser.sessionstore.upgradeBackup.latestBuildID 20210113213439
browser.startup.homepage https://us.startpage.com/do/mypage.pl?prfe=98e0f322c83b9e929da3a9ef1f7ab7ed7732d066330286871125bb136b90e3cd81a15fa3cd02d
browser.startup.homepage_override.buildID 20210113213439
browser.startup.homepage_override.mstone 86.0a1
browser.startup.page 3
browser.urlbar.placeholderName Google
doh-rollout.balrog-migration-done true
doh-rollout.disable-heuristics true
doh-rollout.doneFirstRun true
doh-rollout.trr-selection.enabled true
dom.forms.autocomplete.formautofill true
dom.push.userAgentID 163fcae2c31743cbb833ae9b62d3964e
dom.security.https_only_mode true
dom.security.https_only_mode_ever_enabled true
dom.webgpu.enabled true
extensions.formautofill.creditCards.used 2
extensions.lastAppVersion 86.0a1
fission.autostart true
idle.lastDailyNotification 1610557216
media.eme.enabled true
media.ffmpeg.vaapi.enabled true
media.ffvpx.enabled false
media.ffvpx.mp3.enabled false
media.gmp-gmpopenh264.abi x86_64-gcc3
media.gmp-gmpopenh264.lastUpdate 1610384062
media.gmp-gmpopenh264.version 1.8.1.1
media.gmp-manager.buildID 20210113213439
media.gmp-manager.lastCheck 1610587571
media.gmp-widevinecdm.abi x86_64-gcc3
media.gmp-widevinecdm.lastUpdate 1610384063
media.gmp-widevinecdm.version 4.10.1582.2
media.gmp.storage.version.observed 1
media.gpu-process-decoder true
media.hardware-video-decoding.force-enabled true
media.navigator.mediadatadecoder_vpx_enabled false
media.rdd-ffvpx.enabled false
media.rdd-vpx.enabled false
media.videocontrols.picture-in-picture.allow-multiple true
network.dns.echconfig.enabled true
network.dns.echconfig.fallback_to_origin_when_all_failed false
network.dns.skipTRR-when-parental-control-enabled false
network.trr.blocklist_cleanup_done true
network.trr.bootstrapAddress 104.16.249.248
network.trr.mode 3
places.database.lastMaintenance 1610384416
privacy.donottrackheader.enabled true
privacy.purge_trackers.date_in_cookie_database 0
privacy.purge_trackers.last_purge 1610557216779
privacy.sanitize.pending [{"id":"newtab-container","itemsToClear":[],"options":{}}]
privacy.trackingprotection.enabled true
privacy.trackingprotection.socialtracking.enabled true
security.remote_settings.crlite_filters.checked 1610561334
security.remote_settings.intermediates.checked 1610561334
security.sandbox.content.tempDirSuffix bdd6fc9e-92c8-4975-9a8f-555cb95f3c15
security.sandbox.plugin.tempDirSuffix e476e697-ebf5-45a8-9065-c98e03800491
security.ssl.require_safe_negotiation true
security.ssl.treat_unsafe_negotiation_as_broken true
security.ssl3.ecdhe_ecdsa_aes_128_sha false
security.ssl3.ecdhe_ecdsa_aes_256_sha false
security.ssl3.ecdhe_rsa_aes_128_sha false
security.ssl3.ecdhe_rsa_aes_256_sha false
security.ssl3.rsa_aes_128_gcm_sha256 false
security.ssl3.rsa_aes_128_sha false
security.ssl3.rsa_aes_256_gcm_sha384 false
security.ssl3.rsa_aes_256_sha false
security.ssl3.rsa_des_ede3_sha false
services.sync.declinedEngines creditcards
services.sync.engine.addresses true
services.sync.engine.addresses.available true
services.sync.engine.bookmarks.validation.lastTime 1610556479
services.sync.engine.passwords.validation.lastTime 1610556479
services.sync.engine.prefs.modified false
services.sync.lastPing 1610556479
services.sync.lastSync Thu Jan 14 2021 06:48:56 GMT-0500 (Eastern Standard Time)
storage.vacuum.last.index 1
storage.vacuum.last.places.sqlite 1610384416

Important Locked Preferences
Name Value
fission.autostart.session true

Flags: needinfo?(kpopempire)

Hi Jeffrey and thank you for the info!

As per the additional info you provided, I’ve enabled the HTTP/3 protocol experimental support and started to check each setting you mentioned in the about:support snippet. What I’ve found is that the preference security.ssl3.rsa_aes_256_sha, when set to false while the HTTP/3 protocol is enabled, will cause the connection error on www.ic3.gov. However, YouTube and https://www12.9anime.to/ remained unaffected, being able to access them without issues.

Maybe, in your particular case, reverting the above preference to true will solve the issue.

Component: General → Networking: HTTP
Product: Toolkit → Core
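
One way to reason about the finding in the comment above, as an added example that is not code from this bug or from Mozilla: map the nine security.ssl3.* prefs quoted in this bug to the IANA TLS 1.2 suites they toggle and check whether the client still shares a suite with a server. `LEGACY_SERVER` is a constructed list (an assumption, not a measurement of any real site), and prefs missing from the input are assumed to be at their default of true.

```python
"""Added example: does a Firefox cipher-pref set still overlap a server's suite list?"""

# Firefox pref -> IANA TLS 1.2 suite it toggles (the nine prefs quoted in this bug).
PREF_TO_SUITE = {
    "security.ssl3.ecdhe_ecdsa_aes_128_sha": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "security.ssl3.ecdhe_ecdsa_aes_256_sha": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "security.ssl3.ecdhe_rsa_aes_128_sha": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "security.ssl3.ecdhe_rsa_aes_256_sha": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "security.ssl3.rsa_aes_128_gcm_sha256": "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "security.ssl3.rsa_aes_128_sha": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "security.ssl3.rsa_aes_256_gcm_sha384": "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "security.ssl3.rsa_aes_256_sha": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "security.ssl3.rsa_des_ede3_sha": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

# TLS 1.2 suites the SSL Labs client test in this bug still listed as enabled.
STILL_ENABLED = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def parse_prefs(text):
    """Parse 'name value' lines (about:support style) into {name: bool}."""
    prefs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1] in ("true", "false"):
            prefs[parts[0]] = parts[1] == "true"
    return prefs

def client_suites(prefs):
    """Suites the client offers: the baseline plus every mapped pref not set to false."""
    return STILL_ENABLED | {s for p, s in PREF_TO_SUITE.items() if prefs.get(p, True)}

def negotiate(server_preference, prefs):
    """Return the first server-preferred suite the client also offers, or None."""
    offered = client_suites(prefs)
    return next((s for s in server_preference if s in offered), None)

# The reporter's settings from this bug: all nine prefs set to false.
REPORTER_PREFS = parse_prefs("\n".join(f"{p} false" for p in PREF_TO_SUITE))
# Constructed server list (assumption): only RSA key-exchange CBC suites.
LEGACY_SERVER = ["TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    print(negotiate(LEGACY_SERVER, REPORTER_PREFS))
    print(negotiate(LEGACY_SERVER, {**REPORTER_PREFS, "security.ssl3.rsa_aes_256_sha": True}))
```

A result of `None` means the two sides share no suite, so the handshake cannot complete; a server that offers any of the ECDHE AEAD suites is unaffected by these prefs.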

Hi, can you still reproduce this issue?

Blocks: QUIC
Flags: needinfo?(kpopempire)

Please excuse the late response. I have updated nightly a few versions since we last spoke. Today I went to 9anime.to and found the site is working just fine. Whatever changes you made it seems to have fixed the problem.

IC3.GOV still doesn't work but that may be because of the reason you stated above. I am still getting:
"An error occurred during a connection to ic3.gov. PR_CONNECT_RESET_ERROR"

I believe my security settings may be causing the above problem because my browser settings have all the single encryption RSA options turned off. Most of the dual encryptions are turned on, i.e. "security.ssl3.ecdhe_rsa_aes_256_gcm_sha384" (see my tech notes above).

Thank you.

Flags: needinfo?(kpopempire)

BTW:
I am leaving the experimental HTTP 3 turned ON. If I encounter any other problems with it I will be sure to let you know.
Thanks again.

(In reply to Jeffrey G from comment #9)

> BTW:
> I am leaving the experimental HTTP 3 turned ON. If I encounter any other problems with it I will be sure to let you know.
> Thanks again.

Thanks, that is very appreciated.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID