Cannot visit https websites (SSL_ERROR_PROTOCOL_VERSION_ALERT)
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
People
(Reporter: yanir.jibly, Unassigned, NeedInfo)
References
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
Steps to reproduce:
I'm on MacOS. After a while, it seems that opening a new tab and searching something doesn't work. Also, some tabs stop working like Gmail (it says it's not connected). It's similar to bug #1717777, but that bug was closed.
Only after restarting I can browse normally again. Sometimes I can go away and then come back and it will work again. It makes working with Firefox really inconvenient. It's worth mentioning another Windows Firefox I have, had the same issue.
After checking the browser console, I see multiple messages like this:
Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. background.js:3129 send moz-extension://c9f59e9e-2af5-e64a-acd6-a9ec7e5dfabe/background.js:3129 Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. webrequest.js:112 onBeforeRequest moz-extension://0237ba83-6280-9f44-af2c-913500d8fa80/js/webrequest.js:112
These are the Bitwarden and Privacy Badger extensions.
Looking at the actual JS lines that cause the errors:
chrome.runtime.sendMessage(message);
I'm not sure why 'chrome' is there, or why it's not working, but I suspect this is the issue. Any help would be appreciated.
Actual results:
Nothing special, it started recently, I believe since the latest 89 version.
Expected results:
Everything should have worked normally.
Comment 1•3 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'WebExtensions::Untriaged' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
Comment 2•3 years ago
|
||
Hello,
I’ve tried to reproduce the issue you are having, on the latest Nightly (91.0a1/20210707215219) and Release (89.0.2/20210622155641) under Windows 10 x64, however with not much success, except for the error which is logged in the browser console.
I’ve noticed the following during testing:
- The error logged in the console (the exact one as in the original description) is coming from “Bitwarden” only, in my case. “Privacy Badger” does not cause any errors to be logged in the console.
- The errors seem to be logged when doing any of the following: opening/closing a tab, switching windows (switching to a different window and returning to the browser window), searching for something via the address bar or Google search field.
Please note that I haven’t noticed any disruptive behavior during testing with the mentioned add-ons. The search function works as intended i.e it provides search results, tabs can be opened/closed, content is properly loaded.
I’ve also tested whether Gmail will stop working due to connectivity issues, and in my case, that didn’t happen. Gmail was properly working, with no disruptions, with both add-ons installed, even after about 2 hours of normal browsing with occasional checking of the tab Gmail was opened in.
Thanks for trying to rproduce. I have tried on Windows and it does seem fine now. Only MacOS is affected.
I tried downgrading and creating a new profile and it didn't help. Any other things I can try?
Thanks
Comment 4•3 years ago
|
||
Does the same issue still happen if you disable the add-on (Privacy Badger) (or the other one)?
It still happens after removing them both... Any other ideas to try? It's driving me nuts...
Comment 6•3 years ago
|
||
(In reply to blueblue from comment #5)
It still happens after removing them both... Any other ideas to try? It's driving me nuts...
Did you clear the log before retrying? After removing these extensions, you shouldn't be getting the logs since the extensions aren't running any more.
If you see unexpected behavior, please be more specific about what you're doing and what you're observing.
Sorry, I meant I am still experiencing the original issue of after a while opening a tab does nothing. Links that don't open a tab work fine. Searching after opening a new tab stops working...
Comment 8•3 years ago
|
||
From the description it's still not clear what's happening.
If you can't easily describe your issue in words, could you try to make a screen recording and attach the video? To learn how to make a screen recording, see https://support.apple.com/en-us/HT208721
I've recorded a video showing the issue. Also showing that creating a private window works temporarily. Only restarting Firefox makes it work without private browsing... Needless to say, Chrome works fine while having this issue, so it's not a network error.
Comment 10•3 years ago
|
||
According to the video you have a whole bunch of extensions installed, with some disabled in Private Browsing mode.
It is possible for one of your add-ons to be responsible for canceling these navigation requests.
Could you visit about:support
and share the output? It lists the extensions that you're using.
Try disabling individual extensions to see if they're responsible for your issue.
Reporter | ||
Comment 11•3 years ago
|
||
I've disabled everything (ran in troubleshoot mode), and after a while of browsing, it happened again...
My about:support:
Application Basics
------------------
Name: Firefox
Version: 90.0.1
Build ID: 20210716144314
Distribution ID:
Update Channel: release
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0
OS: Darwin 20.4.0 Darwin Kernel Version 20.4.0: Thu Apr 22 21:46:41 PDT 2021; root:xnu-7195.101.2~1/RELEASE_ARM64_T8101
Rosetta Translated: false
Multiprocess Windows: 3/3
Fission Windows: 0/3 Disabled by safe mode
Remote Processes: 7
Enterprise Policies: Inactive
Google Location Service Key: Found
Google Safebrowsing Key: Found
Mozilla Location Service Key: Found
Safe Mode: true
Crash Reports for the Last 3 Days
---------------------------------
Firefox Features
----------------
Name: DoH Roll-Out
Version: 2.0.0
ID: doh-rollout@mozilla.org
Name: Firefox Screenshots
Version: 39.0.1
ID: screenshots@mozilla.org
Name: Form Autofill
Version: 1.0.1
ID: formautofill@mozilla.org
Name: Picture-In-Picture
Version: 1.0.0
ID: pictureinpicture@mozilla.org
Name: Web Compatibility Interventions
Version: 23.1.0
ID: webcompat@mozilla.org
Name: WebCompat Reporter
Version: 1.4.2
ID: webcompat-reporter@mozilla.org
Remote Features
---------------
Remote Processes
----------------
Type: Web Content
Count: 4 / 8
Type: Privileged About
Count: 1
Type: Extension
Count: 1
Type: Preallocated
Count: 1
Add-ons
-------
Name: Amazon.com
Type: extension
Version: 1.3
Enabled: true
ID: amazondotcom@search.mozilla.org
Name: Bing
Type: extension
Version: 1.3
Enabled: true
ID: bing@search.mozilla.org
Name: DuckDuckGo
Type: extension
Version: 1.1
Enabled: true
ID: ddg@search.mozilla.org
Name: Google
Type: extension
Version: 1.1
Enabled: true
ID: google@search.mozilla.org
Name: Wikipedia (en)
Type: extension
Version: 1.1
Enabled: true
ID: wikipedia@search.mozilla.org
Name: 1Password – Password Manager
Type: extension
Version: 2.0.5
Enabled: false
ID: {d634138d-c276-4fc8-924b-40a0ea21d284}
Name: Adblock Plus - free ad blocker
Type: extension
Version: 3.11
Enabled: false
ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Name: Bitwarden - Free Password Manager
Type: extension
Version: 1.51.1
Enabled: false
ID: {446900e4-71c2-419f-a6a7-df9c091e268b}
Name: DuckDuckGo Privacy Essentials
Type: extension
Version: 2021.7.9
Enabled: false
ID: jid1-ZAdIEUB7XOzOJw@jetpack
Name: Facebook Container
Type: extension
Version: 2.2.1
Enabled: false
ID: @contain-facebook
Name: Feedbro
Type: extension
Version: 4.9.9
Enabled: false
ID: {a9c2ad37-e940-4892-8dce-cd73c6cbbc0c}
Name: Firefox Multi-Account Containers
Type: extension
Version: 7.3.0
Enabled: false
ID: @testpilot-containers
Name: HTTPS Everywhere
Type: extension
Version: 2021.7.13
Enabled: false
ID: https-everywhere@eff.org
Name: MetaMask
Type: extension
Version: 9.7.1
Enabled: false
ID: webextension@metamask.io
Name: Privacy Badger
Type: extension
Version: 2021.6.8
Enabled: false
ID: jid1-MnnxcxisBPnSXQ@jetpack
Name: Referer Control
Type: extension
Version: 1.31
Enabled: false
ID: {cde47992-8aa7-4206-9e98-680a2d20f798}
Name: uBlock Origin
Type: extension
Version: 1.36.2
Enabled: false
ID: uBlock0@raymondhill.net
Name: Zoom Page WE
Type: extension
Version: 18.6
Enabled: false
ID: zoompage-we@DW-dev
Graphics
--------
Features
Compositing: Basic
Asynchronous Pan/Zoom: wheel input enabled; scrollbar drag enabled; keyboard enabled; autoscroll enabled; smooth pinch-zoom enabled
WebGL 1 Driver WSI Info: -
WebGL 1 Driver Renderer: WebGL is currently disabled.
WebGL 1 Driver Version: -
WebGL 1 Driver Extensions: -
WebGL 1 Extensions: -
WebGL 2 Driver WSI Info: -
WebGL 2 Driver Renderer: WebGL is currently disabled.
WebGL 2 Driver Version: -
WebGL 2 Driver Extensions: -
WebGL 2 Extensions: -
Uses Tiling: true
Uses Tiling (Content): true
Target Frame Rate: 60
GPU #1
Active: Yes
Vendor ID: 0x106b
RAM: 0
Diagnostics
AzureCanvasBackend: skia
AzureContentBackend: skia
AzureFallbackCanvasBackend: skia
CMSOutputProfile: AAACFGFwcGwEAAAAbW50clJHQiBYWVogB+UABwATAA4AIQAYYWNzcEFQUEwAAAAAQVBQTAAAAAAAAAAAAAAAAAAAAAAAAPbWAAEAAAAA0y1hcHBsCdZaTW7IZo+eB7h3bGnyEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKZGVzYwAAAPwAAABmY3BydAAAAWQAAAAjd3RwdAAAAYgAAAAUclhZWgAAAZwAAAAUZ1hZWgAAAbAAAAAUYlhZWgAAAcQAAAAUclRSQwAAAdgAAAAQY2hhZAAAAegAAAAsYlRSQwAAAdgAAAAQZ1RSQwAAAdgAAAAQZGVzYwAAAAAAAAAMREVMTCBQMjQxOUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0ZXh0AAAAAENvcHlyaWdodCBBcHBsZSBJbmMuLCAyMDIxAABYWVogAAAAAAAA89gAAQAAAAEWCFhZWiAAAAAAAABk5QAAM20AAAEoWFlaIAAAAAAAAGoQAAC79gAAEbVYWVogAAAAAAAAJ+EAABCdAADAUHBhcmEAAAAAAAAAAAAB9gRzZjMyAAAAAAABC7cAAAWW///zVwAABykAAP3X///7t////aYAAAPaAADA9g==
Display0: 1920x1080 scale:1.000000
DisplayCount: 1
TileHeight: 512
TileWidth: 512
Decision Log
HW_COMPOSITING:
available by default
blocked by runtime: Acceleration blocked by safe-mode
OPENGL_COMPOSITING:
unavailable by default: Hardware compositing is disabled
WEBRENDER:
available by default
unavailable-in-safe-mode by runtime: Safe-mode is enabled
WEBRENDER_QUALIFIED:
available by default
WEBRENDER_COMPOSITOR:
available by default
WEBRENDER_SHADER_CACHE:
disabled by default: Disabled by default
unavailable by runtime: WebRender disabled
WEBRENDER_OPTIMIZED_SHADERS:
available by default
unavailable by runtime: WebRender disabled
WEBRENDER_ANGLE:
available by default
unavailable by env: OS not supported
WEBRENDER_DCOMP_PRESENT:
available by default
disabled by user: User disabled via pref
unavailable by env: Requires Windows 10 or later
unavailable by runtime: Requires ANGLE
WEBRENDER_SOFTWARE:
available by default
unavailable-in-safe-mode by runtime: Safe-mode is enabled
OMTP:
disabled by default: Disabled by default
blocked by runtime: OMTP blocked by safe-mode
WEBGPU:
disabled by default: Disabled by default
unavailable-no-webrender by runtime: WebGPU can't present without WebRender
Media
-----
Audio Backend: audiounit-rust
Max Channels: 2
Preferred Sample Rate: 48000
Output Devices
Name: Group
BoomAudio: GDAudioDevice_ModelUID
ZoomAudioDevice: zoom.us.zoomaudiodevice
MacBook Air Speakers: builtin-internal-mic|spk
Input Devices
Name: Group
BoomAudio: GDAudioDevice_ModelUID
ZoomAudioDevice: zoom.us.zoomaudiodevice
MacBook Air Microphone: builtin-internal-mic|spk
Enumerate database
Environment Variables
---------------------
MOZ_CRASHREPORTER_EVENTS_DIRECTORY: /Users/yanir/Library/Application Support/Firefox/Profiles/sm9zr0s3.default-release-1/crashes/events
MOZ_CRASHREPORTER_RESTART_ARG_0: /Applications/Firefox.app/Contents/MacOS/firefox
MOZ_CRASHREPORTER_RESTART_ARG_1: -foreground
MOZ_CRASHREPORTER_DATA_DIRECTORY: /Users/yanir/Library/Application Support/Firefox/Crash Reports
MOZ_CRASHREPORTER_PING_DIRECTORY: /Users/yanir/Library/Application Support/Firefox/Pending Pings
MOZ_CRASHREPORTER_STRINGS_OVERRIDE: /Applications/Firefox.app/Contents/Resources/browser/crashreporter-override.ini
MOZ_LAUNCHED_CHILD:
MOZ_CRASHREPORTER_RESTART_ARG_2:
XRE_PROFILE_PATH:
XRE_PROFILE_LOCAL_PATH:
XRE_START_OFFLINE:
XRE_BINARY_PATH:
XRE_RESTARTED_BY_PROFILE_MANAGER:
MOZ_SAFE_MODE_RESTART:
MOZ_APP_RESTART: 1
Experimental Features
---------------------
about:home startup cache (browser.startup.homepage.abouthome_cache.enabled): false
Cookies: SameSite=Lax by default (network.cookie.sameSite.laxByDefault): false
Cookies: SameSite=None requires secure attribute (network.cookie.sameSite.noneRequiresSecure): false
Cookies: Schemeful SameSite (network.cookie.sameSite.schemeful): false
CSS: Constructable Stylesheets (layout.css.constructable-stylesheets.enabled): false
CSS: Masonry Layout (layout.css.grid-template-masonry-value.enabled): false
Developer Tools: Color Scheme Simulation (devtools.inspector.color-scheme-simulation.enabled): true
Developer Tools: Compatibility Panel (devtools.inspector.compatibility.enabled): false
Developer Tools: Execution Context Selector (devtools.webconsole.input.context): false
Developer Tools: Service Worker debugging (devtools.debugger.features.windowless-service-workers): false
Fission (Site Isolation) (fission.autostart): false
Media: AVIF (image.avif.enabled): false
Media: JPEG XL (image.jxl.enabled): false
Multiple Picture-in-Picture Support (media.videocontrols.picture-in-picture.allow-multiple): true
Address Bar: show results during IME composition (browser.urlbar.keepPanelOpenDuringImeComposition): false
Web API: inputmode (dom.forms.inputmode): false
Web API: WebGPU (dom.webgpu.enabled): false
WebRTC Global Mute Toggles (privacy.webrtc.globalMuteToggles): false
Win32k Lockdown (security.sandbox.content.win32k-disable): false
Remote Experiments
------------------
Important Modified Preferences
------------------------------
accessibility.typeaheadfind.flashBar: 0
browser.contentblocking.category: standard
browser.download.useDownloadDir: false
browser.search.region: IL
browser.sessionstore.upgradeBackup.latestBuildID: 20210716144314
browser.sessionstore.warnOnQuit: true
browser.startup.homepage_override.buildID: 20210716144314
browser.startup.homepage_override.mstone: 90.0.1
browser.startup.page: 3
browser.urlbar.placeholderName: Google
browser.urlbar.placeholderName.private: Google
browser.urlbar.resultBuckets: {"children":[{"maxResultCount":1,"children":[{"group":"heuristicTest"},{"group":"heuristicExtension"},{"group":"heuristi
browser.urlbar.tipShownCount.searchTip_onboard: 4
browser.urlbar.tipShownCount.searchTip_redirect: 1
browser.zoom.siteSpecific: false
doh-rollout.balrog-migration-done: true
doh-rollout.doneFirstRun: true
doh-rollout.home-region: IL
dom.push.userAgentID: e51e4944e82b4c24b0c4fd2f0e0e7677
extensions.lastAppVersion: 90.0.1
font.internaluseonly.changed: false
idle.lastDailyNotification: 1626694516
media.gmp-gmpopenh264.abi: aarch64-gcc3
media.gmp-gmpopenh264.lastUpdate: 1624951959
media.gmp-gmpopenh264.version: 1.8.1.1
media.gmp-manager.buildID: 20210716144314
media.gmp-manager.lastCheck: 1626706633
media.gmp-widevinecdm.abi: aarch64-gcc3
media.gmp-widevinecdm.lastUpdate: 1624951961
media.gmp-widevinecdm.version: 4.10.2209.1
media.gmp.storage.version.observed: 1
network.dns.disablePrefetch: true
network.http.speculative-parallel-limit: 0
network.predictor.enabled: false
network.prefetch-next: false
network.trr.blocklist_cleanup_done: true
places.database.lastMaintenance: 1626262701
privacy.purge_trackers.date_in_cookie_database: 0
privacy.purge_trackers.last_purge: 1626694516693
privacy.sanitize.pending: [{"id":"newtab-container","itemsToClear":[],"options":{}}]
privacy.userContext.enabled: true
privacy.userContext.extension: @contain-facebook
privacy.userContext.ui.enabled: true
security.remote_settings.crlite_filters.checked: 1626703719
security.remote_settings.intermediates.checked: 1626698616
security.sandbox.content.tempDirSuffix: 0816ce1b-dda9-6846-81a2-4b69fe35fa60
security.sandbox.plugin.tempDirSuffix: d590428c-1170-2248-9e4d-270241d56698
services.sync.declinedEngines: passwords,tabs,forms,history
services.sync.engine.creditcards: true
services.sync.engine.history: false
services.sync.engine.passwords: false
services.sync.engine.prefs.modified: false
services.sync.engine.tabs: false
services.sync.lastPing: 1626683333
services.sync.lastSync: Mon Jul 19 2021 18:47:21 GMT+0300 (Israel Daylight Time)
signon.rememberSignons: false
storage.vacuum.last.index: 1
storage.vacuum.last.places.sqlite: 1624960381
Important Locked Preferences
----------------------------
fission.autostart.session: false
Places Database
---------------
Accessibility
-------------
Activated: false
Prevent Accessibility: 0
Library Versions
----------------
NSPR
Expected minimum version: 4.31
Version in use: 4.31
NSS
Expected minimum version: 3.66
Version in use: 3.66
NSSSMIME
Expected minimum version: 3.66
Version in use: 3.66
NSSSSL
Expected minimum version: 3.66
Version in use: 3.66
NSSUTIL
Expected minimum version: 3.66
Version in use: 3.66
Sandbox
-------
Content Process Sandbox Level: 3
Effective Content Process Sandbox Level: 3
Win32k Lockdown State for Content Process: Win32k Lockdown disabled -- Operating system not supported
Startup Cache
-------------
Disk Cache Path: /Users/yanir/Library/Caches/Firefox/Profiles/sm9zr0s3.default-release-1/startupCache/startupCache.8.little
Ignore Disk Cache: false
Found Disk Cache on Init: false
Wrote to Disk Cache: true
Internationalization & Localization
-----------------------------------
Application Settings
Requested Locales: ["en-US"]
Available Locales: ["en-US"]
App Locales: ["en-US"]
Regional Preferences: ["en-IL","he-IL"]
Default Locale: "en-US"
Operating System
System Locales: ["en-IL","he-IL"]
Regional Preferences: ["en-IL","he-IL"]
Remote Debugging (Chromium Protocol)
------------------------------------
Accepting Connections: false
URL:
Printing
--------
Modified print settings
-----------------------
Reporter | ||
Comment 12•3 years ago
|
||
Reporter | ||
Comment 13•3 years ago
|
||
I've checked the browser console, and it now shows nothing at all (after erasing the log).
I've opened the developer console and I see this error after trying to browse where nothing happens - SSL_ERROR_PROTOCOL_VERSION_ALERT
Reporter | ||
Comment 14•3 years ago
|
||
Sorry for the spam, but since it's an SSL error, I now see that http:// normal links work! e.g. http://neverssl.com/
Any idea what else I can try to pinpoint the exact issue?
Comment 15•3 years ago
|
||
Maybe this will help?
Reporter | ||
Comment 16•3 years ago
|
||
Thanks for the link, I've tried it but I have it all on defaults - 3 and 4...
After some more searching, there's a bug for this issue already at https://bugzilla.mozilla.org/show_bug.cgi?id=1718520
They suggest disabling TLS version 4 by setting max to 3, I'll try it later when I get the chance.
Comment 17•3 years ago
|
||
To recap from what's been shared so far:
- Cannot visit https sites in normal browsing mode (requests are aborted), works fine in Private Browsing mode (video from comment 9).
- Request is aborted with the
SSL_ERROR_PROTOCOL_VERSION_ALERT
error (comment 12). This error also appeared at bug 1718520, which was reported only a week after yours. about:support
in comment 11.
The error is reported at https://searchfox.org/mozilla-central/rev/a14ecd829fdb1e9780b7c100016c6a3d951cf7da/security/nss/lib/ssl/ssl3con.c#3082, so I'll move this bug to the NSS::Libraries component.
Updated•3 years ago
|
Comment 18•3 years ago
|
||
Is this exclusively Google sites, or is it every site?
We've been talking to Google about a problem like this and it seemed like the problem had been fixed according to the reporters on bug 1717644. This is definitely fresh though.
There is definitely a bug somewhere in our stack that we need to fix. We shouldn't be locking up like this. We'll need some networking expertise for that part. Kershaw, do you have time to do some investigation? (I can setup a server that produces the version alert if you need help.)
Reporter | ||
Comment 19•3 years ago
|
||
A couple more notes:
- I went on and installed Wireshark to provide a dump for when it happens, but then I realized I don't want to accidentally (even though it's SSL) share my google.com cookies, so I deleted them beforehand - and the issue doesn't reproduce after deleting them... That coincides with me being able to google freely when I start a new Private browsing window. Can I really share my Wireshark dump without worrying it may leak unwanted information?
- Other SSL sites work fine, only google.com / gmail.com don't work.
Comment 20•3 years ago
|
||
(In reply to blueblue from comment #19)
A couple more notes:
- I went on and installed Wireshark to provide a dump for when it happens, but then I realized I don't want to accidentally (even though it's SSL) share my google.com cookies, so I deleted them beforehand - and the issue doesn't reproduce after deleting them... That coincides with me being able to google freely when I start a new Private browsing window. Can I really share my Wireshark dump without worrying it may leak unwanted information?
- Other SSL sites work fine, only google.com / gmail.com don't work.
Hi Reporter,
Could you try to capture a http log? The log contains cookies, so you may want to send the http log and wireshark log to my email address directly.
Thanks.
Reporter | ||
Comment 21•3 years ago
|
||
I've attached a pcap (after clearing cookies) to bug #1717644, seems like it's the same issue as this one...
Reporter | ||
Comment 22•3 years ago
|
||
BTW, it's worth noting that disable 0rtt in about:config makes the issue go away...
Comment 23•3 years ago
•
|
||
There is definitely a bug somewhere in our stack that we need to fix. We shouldn't be locking up like this. We'll need some networking expertise for that part. Kershaw, do you have time to do some investigation? (I can setup a server that produces the version alert if you need help.)
That'd be really helpful if we have a server that demonstrates this issue.
Martin, could you show me how to do this? Thanks.
Comment 24•3 years ago
|
||
Hi Kershaw,
This might be a big lengthy, but if you have run NSS stuff before, it's not TOO bad, but it takes a little time to get situated.
You will need a custom NSS (put this all in a new directory to keep this separate). You need gyp and ninja for this.
hg clone https://hg.mozilla.org/projects/nss ./nss
hg clone https://hg.mozilla.org/projects/nsr ./nspr
git clone https://github.com/mozilla/nss-tools ./nss-tools
cd nss
./build.sh
unzip x.zip # <-- this is this attachment
../nss-tools/nss-run.sh selfserv -p 6868 -n rsa -d ./db -Z -u
That will get the server running at https://localhost:6868/. Load that page so that you can accept the self-signed certificate in Firefox.
Then kill the server and apply the patch.
patch -p1 < protocol-version-alert.patch
./build.sh
../nss-tools/nss-run.sh selfserv -p 6868 -n rsa -d ./db -Z -u
Reloading https://localhost:6868/ should produce the alert about 40% of the time.
I'm not sure how helpful this is though. I've not seen the error that the reporter is seeing here; it produces the error page as you might expect. NSS might not be doing exactly the right thing here. You can try playing around with the conditions in the patch to see if things change. I've just made the error random, which might not be good enough.
Comment 25•3 years ago
|
||
Thanks for the detailed introduction! I did run the NSS server successfully, but I can't reproduce the issue in this bug.
According to the log provided by the reporter, I observed the similar symptom as the log in bug 1382886 comment #29. The log below repeats more than 1000 times in a short time, so socket thread comsumes a lot of CPU doing polling.
2021-07-20 07:54:21.423813 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport STS poll iter
2021-07-20 07:54:21.423815 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport active [3] { handler=140aa7c00 condition=0 pollflags=6 }
2021-07-20 07:54:21.423817 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::EnsureTimeout socket=140aa7c00
2021-07-20 07:54:21.423819 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport engaging
2021-07-20 07:54:21.423821 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport active [2] { handler=136ea2c00 condition=0 pollflags=5 }
2021-07-20 07:54:21.423823 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::EnsureTimeout socket=136ea2c00
2021-07-20 07:54:21.423825 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport engaging
2021-07-20 07:54:21.423827 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport active [1] { handler=137208400 condition=0 pollflags=5 }
2021-07-20 07:54:21.423829 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::EnsureTimeout socket=137208400
2021-07-20 07:54:21.423830 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport engaging
2021-07-20 07:54:21.423832 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport active [0] { handler=14e8e4c00 condition=0 pollflags=5 }
2021-07-20 07:54:21.423834 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::EnsureTimeout socket=14e8e4c00
2021-07-20 07:54:21.423836 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport engaging
2021-07-20 07:54:21.423838 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport calling PR_Poll [active=4 idle=0]
2021-07-20 07:54:21.423840 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=14e8e4c00, timeout=65535s
2021-07-20 07:54:21.423842 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport not engaged
2021-07-20 07:54:21.423844 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=137208400, timeout=65535s
2021-07-20 07:54:21.423846 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport not engaged
2021-07-20 07:54:21.423848 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=136ea2c00, timeout=65535s
2021-07-20 07:54:21.423850 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport not engaged
2021-07-20 07:54:21.423852 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=140aa7c00, timeout=65535s
2021-07-20 07:54:21.423854 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport not engaged
2021-07-20 07:54:21.423855 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport poll timeout: none
2021-07-20 07:54:21.423857 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport timeout = -1 milliseconds
2021-07-20 07:54:21.423864 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport ...returned after 0 milliseconds
2021-07-20 07:54:21.423866 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=14e8e4c00, timeout=65535s
2021-07-20 07:54:21.423868 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport not engaged
2021-07-20 07:54:21.423870 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=137208400, timeout=65535s
2021-07-20 07:54:21.423872 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport not engaged
2021-07-20 07:54:21.423874 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=136ea2c00, timeout=65535s
2021-07-20 07:54:21.423876 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport not engaged
2021-07-20 07:54:21.423878 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::DisengageTimeout socket=140aa7c00
2021-07-20 07:54:21.423880 UTC - [Parent 6544: Socket Thread]: E/nsSocketTransport nsSocketTransport::OnSocketReady [this=140aa7c00 outFlags=2]
2021-07-20 07:54:21.423882 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport nsSocketOutputStream::OnSocketReady [this=140aa7ec0 cond=0]
2021-07-20 07:54:21.423884 UTC - [Parent 6544: Socket Thread]: V/nsHttp nsHttpConnection::OnSocketWritable [this=1412d1000] host=www.google.com
2021-07-20 07:54:21.423886 UTC - [Parent 6544: Socket Thread]: V/nsHttp nsHttpConnection::GetSecurityInfo trans=141feb000 tlsfilter=0 socket=140aa7c18
2021-07-20 07:54:21.423888 UTC - [Parent 6544: Socket Thread]: I/nsHttp Http2Session::ConfirmTLSProfile 141feb000 mConnection=13a6b3ac0
2021-07-20 07:54:21.423890 UTC - [Parent 6544: Socket Thread]: I/nsHttp Http2Session::ConfirmTLSProfile 141feb000 temporarily passing due to early data
2021-07-20 07:54:21.423892 UTC - [Parent 6544: Socket Thread]: I/nsHttp Http2Session::ReadSegments 141feb000
2021-07-20 07:54:21.423894 UTC - [Parent 6544: Socket Thread]: I/nsHttp Http2Session 141feb000 could not identify a stream to write; suspending.
2021-07-20 07:54:21.423897 UTC - [Parent 6544: Socket Thread]: V/nsHttp nsHttpConnection::EnsureNPNComplete [this=1412d1000] - written 0 bytes during 0RTT
2021-07-20 07:54:21.423899 UTC - [Parent 6544: Socket Thread]: V/nsHttp nsHttpConnection::OnSocketWritable 1412d1000 ReadSegments returned [rv=80470007 read=0 sock-cond=0 again=1]
2021-07-20 07:54:21.423901 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport nsSocketOutputStream::AsyncWait [this=140aa7ec0]
Reporter, could you try to get the http log again with adding pipnss:5
to MOZ_LOG
environment variable? Could you also check if there is a high CPU usage when this happens? Thanks.
Comment 26•3 years ago
|
||
(In reply to blueblue from comment #22)
BTW, it's worth noting that disable 0rtt in about:config makes the issue go away...
This seems like the same issue as bug 1718520. Should this be marked as a duplicate?
Comment 27•3 years ago
|
||
Sounds like a good idea.
Description
•