Closed Bug 1719312 Opened 3 years ago Closed 3 years ago

Cannot visit https websites (SSL_ERROR_PROTOCOL_VERSION_ALERT)

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1718520

People

(Reporter: yanir.jibly, Unassigned, NeedInfo)

References

Details

Attachments

(2 files)

Error from developer console when the issue occurs
57.41 KB, image/png
Details
Force NSS to send the alert sometimes
1.05 MB, application/x-zip-compressed
Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0

Steps to reproduce:

I'm on MacOS. After a while, it seems that opening a new tab and searching something doesn't work. Also, some tabs stop working like Gmail (it says it's not connected). It's similar to bug #1717777, but that bug was closed.

Only after restarting I can browse normally again. Sometimes I can go away and then come back and it will work again. It makes working with Firefox really inconvenient. It's worth mentioning another Windows Firefox I have, had the same issue.

After checking the browser console, I see multiple messages like this:

Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. background.js:3129 send moz-extension://c9f59e9e-2af5-e64a-acd6-a9ec7e5dfabe/background.js:3129 Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. webrequest.js:112 onBeforeRequest moz-extension://0237ba83-6280-9f44-af2c-913500d8fa80/js/webrequest.js:112

These are the Bitwarden and Privacy Badger extensions.
Looking at the actual JS lines that cause the errors:

chrome.runtime.sendMessage(message);

I'm not sure why 'chrome' is there, or why it's not working, but I suspect this is the issue. Any help would be appreciated.

Actual results:

Nothing special, it started recently, I believe since the latest 89 version.

Expected results:

Everything should have worked normally.

The Bugbug bot thinks this bug should belong to the 'WebExtensions::Untriaged' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Product: Firefox → WebExtensions

Hello,

I’ve tried to reproduce the issue you are having, on the latest Nightly (91.0a1/20210707215219) and Release (89.0.2/20210622155641) under Windows 10 x64, however with not much success, except for the error which is logged in the browser console.

I’ve noticed the following during testing:

  1. The error logged in the console (the exact one as in the original description) is coming from “Bitwarden” only, in my case. “Privacy Badger” does not cause any errors to be logged in the console.
  2. The errors seem to be logged when doing any of the following: opening/closing a tab, switching windows (switching to a different window and returning to the browser window), searching for something via the address bar or Google search field.

Please note that I haven’t noticed any disruptive behavior during testing with the mentioned add-ons. The search function works as intended i.e it provides search results, tabs can be opened/closed, content is properly loaded.

I’ve also tested whether Gmail will stop working due to connectivity issues, and in my case, that didn’t happen. Gmail was properly working, with no disruptions, with both add-ons installed, even after about 2 hours of normal browsing with occasional checking of the tab Gmail was opened in.

Thanks for trying to rproduce. I have tried on Windows and it does seem fine now. Only MacOS is affected.
I tried downgrading and creating a new profile and it didn't help. Any other things I can try?

Thanks

Does the same issue still happen if you disable the add-on (Privacy Badger) (or the other one)?

Flags: needinfo?(yanir.jibly)

It still happens after removing them both... Any other ideas to try? It's driving me nuts...

Flags: needinfo?(yanir.jibly)

(In reply to blueblue from comment #5)

It still happens after removing them both... Any other ideas to try? It's driving me nuts...

Did you clear the log before retrying? After removing these extensions, you shouldn't be getting the logs since the extensions aren't running any more.
If you see unexpected behavior, please be more specific about what you're doing and what you're observing.

Sorry, I meant I am still experiencing the original issue of after a while opening a tab does nothing. Links that don't open a tab work fine. Searching after opening a new tab stops working...

From the description it's still not clear what's happening.

If you can't easily describe your issue in words, could you try to make a screen recording and attach the video? To learn how to make a screen recording, see https://support.apple.com/en-us/HT208721

I've recorded a video showing the issue. Also showing that creating a private window works temporarily. Only restarting Firefox makes it work without private browsing... Needless to say, Chrome works fine while having this issue, so it's not a network error.

https://streamable.com/xuiqse

According to the video you have a whole bunch of extensions installed, with some disabled in Private Browsing mode.

It is possible for one of your add-ons to be responsible for canceling these navigation requests.

Could you visit about:support and share the output? It lists the extensions that you're using.
Try disabling individual extensions to see if they're responsible for your issue.

I've disabled everything (ran in troubleshoot mode), and after a while of browsing, it happened again...

My about:support:

Application Basics
------------------

Name: Firefox
Version: 90.0.1
Build ID: 20210716144314
Distribution ID:
Update Channel: release
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0
OS: Darwin 20.4.0 Darwin Kernel Version 20.4.0: Thu Apr 22 21:46:41 PDT 2021; root:xnu-7195.101.2~1/RELEASE_ARM64_T8101
Rosetta Translated: false
Multiprocess Windows: 3/3
Fission Windows: 0/3 Disabled by safe mode
Remote Processes: 7
Enterprise Policies: Inactive
Google Location Service Key: Found
Google Safebrowsing Key: Found
Mozilla Location Service Key: Found
Safe Mode: true

Crash Reports for the Last 3 Days
---------------------------------

Firefox Features
----------------

Name: DoH Roll-Out
Version: 2.0.0
ID: doh-rollout@mozilla.org

Name: Firefox Screenshots
Version: 39.0.1
ID: screenshots@mozilla.org

Name: Form Autofill
Version: 1.0.1
ID: formautofill@mozilla.org

Name: Picture-In-Picture
Version: 1.0.0
ID: pictureinpicture@mozilla.org

Name: Web Compatibility Interventions
Version: 23.1.0
ID: webcompat@mozilla.org

Name: WebCompat Reporter
Version: 1.4.2
ID: webcompat-reporter@mozilla.org

Remote Features
---------------

Remote Processes
----------------

Type: Web Content
Count: 4 / 8

Type: Privileged About
Count: 1

Type: Extension
Count: 1

Type: Preallocated
Count: 1

Add-ons
-------

Name: Amazon.com
Type: extension
Version: 1.3
Enabled: true
ID: amazondotcom@search.mozilla.org

Name: Bing
Type: extension
Version: 1.3
Enabled: true
ID: bing@search.mozilla.org

Name: DuckDuckGo
Type: extension
Version: 1.1
Enabled: true
ID: ddg@search.mozilla.org

Name: Google
Type: extension
Version: 1.1
Enabled: true
ID: google@search.mozilla.org

Name: Wikipedia (en)
Type: extension
Version: 1.1
Enabled: true
ID: wikipedia@search.mozilla.org

Name: 1Password – Password Manager
Type: extension
Version: 2.0.5
Enabled: false
ID: {d634138d-c276-4fc8-924b-40a0ea21d284}

Name: Adblock Plus - free ad blocker
Type: extension
Version: 3.11
Enabled: false
ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

Name: Bitwarden - Free Password Manager
Type: extension
Version: 1.51.1
Enabled: false
ID: {446900e4-71c2-419f-a6a7-df9c091e268b}

Name: DuckDuckGo Privacy Essentials
Type: extension
Version: 2021.7.9
Enabled: false
ID: jid1-ZAdIEUB7XOzOJw@jetpack

Name: Facebook Container
Type: extension
Version: 2.2.1
Enabled: false
ID: @contain-facebook

Name: Feedbro
Type: extension
Version: 4.9.9
Enabled: false
ID: {a9c2ad37-e940-4892-8dce-cd73c6cbbc0c}

Name: Firefox Multi-Account Containers
Type: extension
Version: 7.3.0
Enabled: false
ID: @testpilot-containers

Name: HTTPS Everywhere
Type: extension
Version: 2021.7.13
Enabled: false
ID: https-everywhere@eff.org

Name: MetaMask
Type: extension
Version: 9.7.1
Enabled: false
ID: webextension@metamask.io

Name: Privacy Badger
Type: extension
Version: 2021.6.8
Enabled: false
ID: jid1-MnnxcxisBPnSXQ@jetpack

Name: Referer Control
Type: extension
Version: 1.31
Enabled: false
ID: {cde47992-8aa7-4206-9e98-680a2d20f798}

Name: uBlock Origin
Type: extension
Version: 1.36.2
Enabled: false
ID: uBlock0@raymondhill.net

Name: Zoom Page WE
Type: extension
Version: 18.6
Enabled: false
ID: zoompage-we@DW-dev

Graphics
--------

Features
Compositing: Basic
Asynchronous Pan/Zoom: wheel input enabled; scrollbar drag enabled; keyboard enabled; autoscroll enabled; smooth pinch-zoom enabled
WebGL 1 Driver WSI Info: -
WebGL 1 Driver Renderer: WebGL is currently disabled.
WebGL 1 Driver Version: -
WebGL 1 Driver Extensions: -
WebGL 1 Extensions: -
WebGL 2 Driver WSI Info: -
WebGL 2 Driver Renderer: WebGL is currently disabled.
WebGL 2 Driver Version: -
WebGL 2 Driver Extensions: -
WebGL 2 Extensions: -
Uses Tiling: true
Uses Tiling (Content): true
Target Frame Rate: 60
GPU #1
Active: Yes
Vendor ID: 0x106b
RAM: 0

Diagnostics
AzureCanvasBackend: skia
AzureContentBackend: skia
AzureFallbackCanvasBackend: skia
CMSOutputProfile: AAACFGFwcGwEAAAAbW50clJHQiBYWVogB+UABwATAA4AIQAYYWNzcEFQUEwAAAAAQVBQTAAAAAAAAAAAAAAAAAAAAAAAAPbWAAEAAAAA0y1hcHBsCdZaTW7IZo+eB7h3bGnyEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKZGVzYwAAAPwAAABmY3BydAAAAWQAAAAjd3RwdAAAAYgAAAAUclhZWgAAAZwAAAAUZ1hZWgAAAbAAAAAUYlhZWgAAAcQAAAAUclRSQwAAAdgAAAAQY2hhZAAAAegAAAAsYlRSQwAAAdgAAAAQZ1RSQwAAAdgAAAAQZGVzYwAAAAAAAAAMREVMTCBQMjQxOUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0ZXh0AAAAAENvcHlyaWdodCBBcHBsZSBJbmMuLCAyMDIxAABYWVogAAAAAAAA89gAAQAAAAEWCFhZWiAAAAAAAABk5QAAM20AAAEoWFlaIAAAAAAAAGoQAAC79gAAEbVYWVogAAAAAAAAJ+EAABCdAADAUHBhcmEAAAAAAAAAAAAB9gRzZjMyAAAAAAABC7cAAAWW///zVwAABykAAP3X///7t////aYAAAPaAADA9g==
Display0: 1920x1080 scale:1.000000
DisplayCount: 1
TileHeight: 512
TileWidth: 512
Decision Log
HW_COMPOSITING:
available by default
blocked by runtime: Acceleration blocked by safe-mode
OPENGL_COMPOSITING:
unavailable by default: Hardware compositing is disabled
WEBRENDER:
available by default
unavailable-in-safe-mode by runtime: Safe-mode is enabled
WEBRENDER_QUALIFIED:
available by default
WEBRENDER_COMPOSITOR:
available by default
WEBRENDER_SHADER_CACHE:
disabled by default: Disabled by default
unavailable by runtime: WebRender disabled
WEBRENDER_OPTIMIZED_SHADERS:
available by default
unavailable by runtime: WebRender disabled
WEBRENDER_ANGLE:
available by default
unavailable by env: OS not supported
WEBRENDER_DCOMP_PRESENT:
available by default
disabled by user: User disabled via pref
unavailable by env: Requires Windows 10 or later
unavailable by runtime: Requires ANGLE
WEBRENDER_SOFTWARE:
available by default
unavailable-in-safe-mode by runtime: Safe-mode is enabled
OMTP:
disabled by default: Disabled by default
blocked by runtime: OMTP blocked by safe-mode
WEBGPU:
disabled by default: Disabled by default
unavailable-no-webrender by runtime: WebGPU can't present without WebRender




Media
-----

Audio Backend: audiounit-rust
Max Channels: 2
Preferred Sample Rate: 48000
Output Devices
Name: Group
BoomAudio: GDAudioDevice_ModelUID
ZoomAudioDevice: zoom.us.zoomaudiodevice
MacBook Air Speakers: builtin-internal-mic|spk
Input Devices
Name: Group
BoomAudio: GDAudioDevice_ModelUID
ZoomAudioDevice: zoom.us.zoomaudiodevice
MacBook Air Microphone: builtin-internal-mic|spk

Enumerate database

Environment Variables
---------------------

MOZ_CRASHREPORTER_EVENTS_DIRECTORY: /Users/yanir/Library/Application Support/Firefox/Profiles/sm9zr0s3.default-release-1/crashes/events
MOZ_CRASHREPORTER_RESTART_ARG_0: /Applications/Firefox.app/Contents/MacOS/firefox
MOZ_CRASHREPORTER_RESTART_ARG_1: -foreground
MOZ_CRASHREPORTER_DATA_DIRECTORY: /Users/yanir/Library/Application Support/Firefox/Crash Reports
MOZ_CRASHREPORTER_PING_DIRECTORY: /Users/yanir/Library/Application Support/Firefox/Pending Pings
MOZ_CRASHREPORTER_STRINGS_OVERRIDE: /Applications/Firefox.app/Contents/Resources/browser/crashreporter-override.ini
MOZ_LAUNCHED_CHILD:
MOZ_CRASHREPORTER_RESTART_ARG_2:
XRE_PROFILE_PATH:
XRE_PROFILE_LOCAL_PATH:
XRE_START_OFFLINE:
XRE_BINARY_PATH:
XRE_RESTARTED_BY_PROFILE_MANAGER:
MOZ_SAFE_MODE_RESTART:
MOZ_APP_RESTART: 1

Experimental Features
---------------------

about:home startup cache (browser.startup.homepage.abouthome_cache.enabled): false
Cookies: SameSite=Lax by default (network.cookie.sameSite.laxByDefault): false
Cookies: SameSite=None requires secure attribute (network.cookie.sameSite.noneRequiresSecure): false
Cookies: Schemeful SameSite (network.cookie.sameSite.schemeful): false
CSS: Constructable Stylesheets (layout.css.constructable-stylesheets.enabled): false
CSS: Masonry Layout (layout.css.grid-template-masonry-value.enabled): false
Developer Tools: Color Scheme Simulation (devtools.inspector.color-scheme-simulation.enabled): true
Developer Tools: Compatibility Panel (devtools.inspector.compatibility.enabled): false
Developer Tools: Execution Context Selector (devtools.webconsole.input.context): false
Developer Tools: Service Worker debugging (devtools.debugger.features.windowless-service-workers): false
Fission (Site Isolation) (fission.autostart): false
Media: AVIF (image.avif.enabled): false
Media: JPEG XL (image.jxl.enabled): false
Multiple Picture-in-Picture Support (media.videocontrols.picture-in-picture.allow-multiple): true
Address Bar: show results during IME composition (browser.urlbar.keepPanelOpenDuringImeComposition): false
Web API: inputmode (dom.forms.inputmode): false
Web API: WebGPU (dom.webgpu.enabled): false
WebRTC Global Mute Toggles (privacy.webrtc.globalMuteToggles): false
Win32k Lockdown (security.sandbox.content.win32k-disable): false

Remote Experiments
------------------

Important Modified Preferences
------------------------------

accessibility.typeaheadfind.flashBar: 0
browser.contentblocking.category: standard
browser.download.useDownloadDir: false
browser.search.region: IL
browser.sessionstore.upgradeBackup.latestBuildID: 20210716144314
browser.sessionstore.warnOnQuit: true
browser.startup.homepage_override.buildID: 20210716144314
browser.startup.homepage_override.mstone: 90.0.1
browser.startup.page: 3
browser.urlbar.placeholderName: Google
browser.urlbar.placeholderName.private: Google
browser.urlbar.resultBuckets: {"children":[{"maxResultCount":1,"children":[{"group":"heuristicTest"},{"group":"heuristicExtension"},{"group":"heuristi
browser.urlbar.tipShownCount.searchTip_onboard: 4
browser.urlbar.tipShownCount.searchTip_redirect: 1
browser.zoom.siteSpecific: false
doh-rollout.balrog-migration-done: true
doh-rollout.doneFirstRun: true
doh-rollout.home-region: IL
dom.push.userAgentID: e51e4944e82b4c24b0c4fd2f0e0e7677
extensions.lastAppVersion: 90.0.1
font.internaluseonly.changed: false
idle.lastDailyNotification: 1626694516
media.gmp-gmpopenh264.abi: aarch64-gcc3
media.gmp-gmpopenh264.lastUpdate: 1624951959
media.gmp-gmpopenh264.version: 1.8.1.1
media.gmp-manager.buildID: 20210716144314
media.gmp-manager.lastCheck: 1626706633
media.gmp-widevinecdm.abi: aarch64-gcc3
media.gmp-widevinecdm.lastUpdate: 1624951961
media.gmp-widevinecdm.version: 4.10.2209.1
media.gmp.storage.version.observed: 1
network.dns.disablePrefetch: true
network.http.speculative-parallel-limit: 0
network.predictor.enabled: false
network.prefetch-next: false
network.trr.blocklist_cleanup_done: true
places.database.lastMaintenance: 1626262701
privacy.purge_trackers.date_in_cookie_database: 0
privacy.purge_trackers.last_purge: 1626694516693
privacy.sanitize.pending: [{"id":"newtab-container","itemsToClear":[],"options":{}}]
privacy.userContext.enabled: true
privacy.userContext.extension: @contain-facebook
privacy.userContext.ui.enabled: true
security.remote_settings.crlite_filters.checked: 1626703719
security.remote_settings.intermediates.checked: 1626698616
security.sandbox.content.tempDirSuffix: 0816ce1b-dda9-6846-81a2-4b69fe35fa60
security.sandbox.plugin.tempDirSuffix: d590428c-1170-2248-9e4d-270241d56698
services.sync.declinedEngines: passwords,tabs,forms,history
services.sync.engine.creditcards: true
services.sync.engine.history: false
services.sync.engine.passwords: false
services.sync.engine.prefs.modified: false
services.sync.engine.tabs: false
services.sync.lastPing: 1626683333
services.sync.lastSync: Mon Jul 19 2021 18:47:21 GMT+0300 (Israel Daylight Time)
signon.rememberSignons: false
storage.vacuum.last.index: 1
storage.vacuum.last.places.sqlite: 1624960381

Important Locked Preferences
----------------------------

fission.autostart.session: false

Places Database
---------------

Accessibility
-------------

Activated: false
Prevent Accessibility: 0

Library Versions
----------------

NSPR
Expected minimum version: 4.31
Version in use: 4.31

NSS
Expected minimum version: 3.66
Version in use: 3.66

NSSSMIME
Expected minimum version: 3.66
Version in use: 3.66

NSSSSL
Expected minimum version: 3.66
Version in use: 3.66

NSSUTIL
Expected minimum version: 3.66
Version in use: 3.66

Sandbox
-------

Content Process Sandbox Level: 3
Effective Content Process Sandbox Level: 3
Win32k Lockdown State for Content Process: Win32k Lockdown disabled -- Operating system not supported

Startup Cache
-------------

Disk Cache Path: /Users/yanir/Library/Caches/Firefox/Profiles/sm9zr0s3.default-release-1/startupCache/startupCache.8.little
Ignore Disk Cache: false
Found Disk Cache on Init: false
Wrote to Disk Cache: true

Internationalization & Localization
-----------------------------------

Application Settings
Requested Locales: ["en-US"]
Available Locales: ["en-US"]
App Locales: ["en-US"]
Regional Preferences: ["en-IL","he-IL"]
Default Locale: "en-US"
Operating System
System Locales: ["en-IL","he-IL"]
Regional Preferences: ["en-IL","he-IL"]

Remote Debugging (Chromium Protocol)
------------------------------------

Accepting Connections: false
URL:

Printing
--------

Modified print settings
-----------------------

I've checked the browser console, and it now shows nothing at all (after erasing the log).
I've opened the developer console and I see this error after trying to browse where nothing happens - SSL_ERROR_PROTOCOL_VERSION_ALERT

Sorry for the spam, but since it's an SSL error, I now see that http:// normal links work! e.g. http://neverssl.com/
Any idea what else I can try to pinpoint the exact issue?

Maybe this will help?

Thanks for the link, I've tried it but I have it all on defaults - 3 and 4...
After some more searching, there's a bug for this issue already at https://bugzilla.mozilla.org/show_bug.cgi?id=1718520
They suggest disabling TLS version 4 by setting max to 3, I'll try it later when I get the chance.

To recap from what's been shared so far:

  1. Cannot visit https sites in normal browsing mode (requests are aborted), works fine in Private Browsing mode (video from comment 9).
  2. Request is aborted with the SSL_ERROR_PROTOCOL_VERSION_ALERT error (comment 12). This error also appeared at bug 1718520, which was reported only a week after yours.
  3. about:support in comment 11.

The error is reported at https://searchfox.org/mozilla-central/rev/a14ecd829fdb1e9780b7c100016c6a3d951cf7da/security/nss/lib/ssl/ssl3con.c#3082, so I'll move this bug to the NSS::Libraries component.

Assignee: nobody → nobody
Component: Untriaged → Libraries
Product: WebExtensions → NSS
See Also: → 1718520
Version: Firefox 89 → other
Summary: Browser console shows "Receiving end does not exist." errors → Cannot visit https websites (SSL_ERROR_PROTOCOL_VERSION_ALERT)

Is this exclusively Google sites, or is it every site?

We've been talking to Google about a problem like this and it seemed like the problem had been fixed according to the reporters on bug 1717644. This is definitely fresh though.

There is definitely a bug somewhere in our stack that we need to fix. We shouldn't be locking up like this. We'll need some networking expertise for that part. Kershaw, do you have time to do some investigation? (I can setup a server that produces the version alert if you need help.)

Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(yanir.jibly)
Flags: needinfo?(kershaw)
See Also: → 1717644

A couple more notes:

  1. I went on and installed Wireshark to provide a dump for when it happens, but then I realized I don't want to accidentally (even though it's SSL) share my google.com cookies, so I deleted them beforehand - and the issue doesn't reproduce after deleting them... That coincides with me being able to google freely when I start a new Private browsing window. Can I really share my Wireshark dump without worrying it may leak unwanted information?
  2. Other SSL sites work fine, only google.com / gmail.com don't work.
Flags: needinfo?(yanir.jibly)

(In reply to blueblue from comment #19)

A couple more notes:

  1. I went on and installed Wireshark to provide a dump for when it happens, but then I realized I don't want to accidentally (even though it's SSL) share my google.com cookies, so I deleted them beforehand - and the issue doesn't reproduce after deleting them... That coincides with me being able to google freely when I start a new Private browsing window. Can I really share my Wireshark dump without worrying it may leak unwanted information?
  2. Other SSL sites work fine, only google.com / gmail.com don't work.

Hi Reporter,

Could you try to capture a http log? The log contains cookies, so you may want to send the http log and wireshark log to my email address directly.

Thanks.

Flags: needinfo?(kershaw) → needinfo?(yanir.jibly)

I've attached a pcap (after clearing cookies) to bug #1717644, seems like it's the same issue as this one...

Flags: needinfo?(yanir.jibly)

BTW, it's worth noting that disable 0rtt in about:config makes the issue go away...

There is definitely a bug somewhere in our stack that we need to fix. We shouldn't be locking up like this. We'll need some networking expertise for that part. Kershaw, do you have time to do some investigation? (I can setup a server that produces the version alert if you need help.)

That'd be really helpful if we have a server that demonstrates this issue.
Martin, could you show me how to do this? Thanks.

Flags: needinfo?(mt)

Hi Kershaw,

This might be a big lengthy, but if you have run NSS stuff before, it's not TOO bad, but it takes a little time to get situated.

You will need a custom NSS (put this all in a new directory to keep this separate). You need gyp and ninja for this.

hg clone https://hg.mozilla.org/projects/nss ./nss
hg clone https://hg.mozilla.org/projects/nsr ./nspr
git clone https://github.com/mozilla/nss-tools ./nss-tools
cd nss
./build.sh
unzip x.zip # <-- this is this attachment
../nss-tools/nss-run.sh selfserv -p 6868 -n rsa -d ./db -Z -u

That will get the server running at https://localhost:6868/. Load that page so that you can accept the self-signed certificate in Firefox.

Then kill the server and apply the patch.

patch -p1 < protocol-version-alert.patch
./build.sh
../nss-tools/nss-run.sh selfserv -p 6868 -n rsa -d ./db -Z -u

Reloading https://localhost:6868/ should produce the alert about 40% of the time.

I'm not sure how helpful this is though. I've not seen the error that the reporter is seeing here; it produces the error page as you might expect. NSS might not be doing exactly the right thing here. You can try playing around with the conditions in the patch to see if things change. I've just made the error random, which might not be good enough.

Flags: needinfo?(mt)

Thanks for the detailed introduction! I did run the NSS server successfully, but I can't reproduce the issue in this bug.

According to the log provided by the reporter, I observed the similar symptom as the log in bug 1382886 comment #29. The log below repeats more than 1000 times in a short time, so socket thread comsumes a lot of CPU doing polling.

2021-07-20 07:54:21.423813 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport STS poll iter
2021-07-20 07:54:21.423815 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   active [3] { handler=140aa7c00 condition=0 pollflags=6 }
2021-07-20 07:54:21.423817 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::EnsureTimeout socket=140aa7c00
2021-07-20 07:54:21.423819 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   engaging
2021-07-20 07:54:21.423821 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   active [2] { handler=136ea2c00 condition=0 pollflags=5 }
2021-07-20 07:54:21.423823 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::EnsureTimeout socket=136ea2c00
2021-07-20 07:54:21.423825 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   engaging
2021-07-20 07:54:21.423827 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   active [1] { handler=137208400 condition=0 pollflags=5 }
2021-07-20 07:54:21.423829 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::EnsureTimeout socket=137208400
2021-07-20 07:54:21.423830 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   engaging
2021-07-20 07:54:21.423832 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   active [0] { handler=14e8e4c00 condition=0 pollflags=5 }
2021-07-20 07:54:21.423834 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::EnsureTimeout socket=14e8e4c00
2021-07-20 07:54:21.423836 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   engaging
2021-07-20 07:54:21.423838 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   calling PR_Poll [active=4 idle=0]
2021-07-20 07:54:21.423840 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=14e8e4c00, timeout=65535s
2021-07-20 07:54:21.423842 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   not engaged
2021-07-20 07:54:21.423844 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=137208400, timeout=65535s
2021-07-20 07:54:21.423846 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   not engaged
2021-07-20 07:54:21.423848 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=136ea2c00, timeout=65535s
2021-07-20 07:54:21.423850 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   not engaged
2021-07-20 07:54:21.423852 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=140aa7c00, timeout=65535s
2021-07-20 07:54:21.423854 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   not engaged
2021-07-20 07:54:21.423855 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport poll timeout: none
2021-07-20 07:54:21.423857 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport     timeout = -1 milliseconds
2021-07-20 07:54:21.423864 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport     ...returned after 0 milliseconds
2021-07-20 07:54:21.423866 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=14e8e4c00, timeout=65535s
2021-07-20 07:54:21.423868 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   not engaged
2021-07-20 07:54:21.423870 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=137208400, timeout=65535s
2021-07-20 07:54:21.423872 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   not engaged
2021-07-20 07:54:21.423874 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::TimeoutIn socket=136ea2c00, timeout=65535s
2021-07-20 07:54:21.423876 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport   not engaged
2021-07-20 07:54:21.423878 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport SocketContext::DisengageTimeout socket=140aa7c00
2021-07-20 07:54:21.423880 UTC - [Parent 6544: Socket Thread]: E/nsSocketTransport nsSocketTransport::OnSocketReady [this=140aa7c00 outFlags=2]
2021-07-20 07:54:21.423882 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport nsSocketOutputStream::OnSocketReady [this=140aa7ec0 cond=0]
2021-07-20 07:54:21.423884 UTC - [Parent 6544: Socket Thread]: V/nsHttp nsHttpConnection::OnSocketWritable [this=1412d1000] host=www.google.com
2021-07-20 07:54:21.423886 UTC - [Parent 6544: Socket Thread]: V/nsHttp nsHttpConnection::GetSecurityInfo trans=141feb000 tlsfilter=0 socket=140aa7c18
2021-07-20 07:54:21.423888 UTC - [Parent 6544: Socket Thread]: I/nsHttp Http2Session::ConfirmTLSProfile 141feb000 mConnection=13a6b3ac0
2021-07-20 07:54:21.423890 UTC - [Parent 6544: Socket Thread]: I/nsHttp Http2Session::ConfirmTLSProfile 141feb000 temporarily passing due to early data
2021-07-20 07:54:21.423892 UTC - [Parent 6544: Socket Thread]: I/nsHttp Http2Session::ReadSegments 141feb000
2021-07-20 07:54:21.423894 UTC - [Parent 6544: Socket Thread]: I/nsHttp Http2Session 141feb000 could not identify a stream to write; suspending.
2021-07-20 07:54:21.423897 UTC - [Parent 6544: Socket Thread]: V/nsHttp nsHttpConnection::EnsureNPNComplete [this=1412d1000] - written 0 bytes during 0RTT
2021-07-20 07:54:21.423899 UTC - [Parent 6544: Socket Thread]: V/nsHttp nsHttpConnection::OnSocketWritable 1412d1000 ReadSegments returned [rv=80470007 read=0 sock-cond=0 again=1]
2021-07-20 07:54:21.423901 UTC - [Parent 6544: Socket Thread]: D/nsSocketTransport nsSocketOutputStream::AsyncWait [this=140aa7ec0]

Reporter, could you try to get the http log again with adding pipnss:5 to MOZ_LOG environment variable? Could you also check if there is a high CPU usage when this happens? Thanks.

Flags: needinfo?(yanir.jibly)
See Also: → 1382886

(In reply to blueblue from comment #22)

BTW, it's worth noting that disable 0rtt in about:config makes the issue go away...

This seems like the same issue as bug 1718520. Should this be marked as a duplicate?

Flags: needinfo?(mt)

Sounds like a good idea.

Status: NEW → RESOLVED
Closed: 3 years ago
Flags: needinfo?(mt)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: