Closed Bug 1727017 Opened 4 years ago Closed 4 years ago

universalextras.co.uk - SSL_ERROR_BAD_MAC_READ

Categories

(Web Compatibility :: Site Reports, defect)

Product:
Web Compatibility
Component:
Site Reports
Version:
Firefox 93
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

(firefox93 affected)

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox93 --- affected

People

(Reporter: karlcow, Unassigned)

References

(
URL
)

Details

An error occurred during a connection to www.universalextras.co.uk. SSL received a record with an incorrect Message Authentication Code.

Error code: SSL_ERROR_BAD_MAC_READ

setting security.tls.version.fallback-limit to 1
doesn't solve the issue.

https://www.ssllabs.com/ssltest/analyze.html?d=universalextras.co.uk
Rating: A
This server supports TLS 1.3.

There are a lot of WEAK in TLS 1.2

kimura-san,
what do you think?

Flags: needinfo?(VYV03354)

setting security.tls.version.fallback-limit to 1

1 is not a valid value for security.tls.version.fallback-limit. Only 3 (TLS 1.2) and 4 (TLS 1.3) are valid values.

If I set security.tls.hello_downgrade_check to false and security.tls.version.fallback-limit to 3, I can access www.universalextras.co.uk. But Firefox should not require any setting changes because Chrome can access this site with TLS 1.3.

:mt, any insights?

Flags: needinfo?(mt)

This is down to the site choking on delegated credentials. Unfortunately, the presence of this extension causes the server to produce bad handshake keys, so I can't tell if it is due to the server attempting to negotiate the use of delegated credentials, or because the server is just unable to handle the unexpected extension.

Disabling security.tls.enable_delegated_credentials will fix the problem. Maybe follow up with others on the NSS team if you can discover more about why the server is unable to handle this.

(This is the first report I've heard about incompatibility with this extension, so this is notable on that basis alone.)

Flags: needinfo?(mt)

The issue no longer occurs on my side. The page loads without changing any config.
https://i.imgur.com/Zp2Kr00.png

Tested with:
Browser / Version: Firefox Nightly 98.0a1 (2022-01-31), Firefox Release 96.0
Operating System: Ubuntu 20.04.2, Windows 10 Pro

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED

The reporter also confirmed he can't reproduce the issue.

Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.