Closed Bug 200121 Opened 21 years ago Closed 21 years ago

Error establishing encrypted connection.

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 111384

People

(Reporter: marcusma, Assigned: darin.moz)

References

(
URL
)

Details

Attachments

(1 file)

Problematic prefs.js file
4.53 KB, text/plain
Details 
User-Agent:       Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.3) Gecko/20030312
Build Identifier: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.3) Gecko/20030312

Many web-sites require security access to enable secure internet connection, and
encrypted transfer of sensitive/protected data. However when I attempt to access
such a site with Mozilla 1.3, the following error is displayed "Error
establishing an encrypted connection to uk4.directline.com. Error code: -5933".

Reproducible: Always

Steps to Reproduce:
1. Go to URL http://www.directline.co.uk, which will redirect you to
http://uk.directline.com/dl/directline.jsp.
2. Select 'Motor Insurance' from 'On the road' section.
3. Select 'Online quote', the browser will successfully connect to the site, but
when transferring data back will pause, then a dialog box with the error message
will appear.

Actual Results:  
Dialog box appears with the named error message.

Expected Results:  
Accessed the on-line quote area of the web-site. Use MS I.E 5.5 to see that the
web-site is accessable.

No additional information.
Does not seem to be security sensitive, removing flag. 

Reporter, please retest with Mozilla 1.4b.
Group: security
I get it with 1.4rc1, and got it with 1.3 as well.  This is some sort of
configuration problem, I think, as I've had installations on other boxes (with
the same OS) where it doesn't happen.
The error code I get though, is -5985

(Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030529)

To be clear, this is site-specific.  Some sites I can access, some I can't.
This is the prefs.js that, when in my profile, causes the error in the bug
report.

At no time did I ever edit this file by hand.
I think this is some sort of configuration problem in the prefs.js or prefs.bak
file.  I've attached the version that causes me problems.  I did not previously
edit the file manually.

The way that I fixed it (for me) is that I renamed my mozilla dir from :

C:\Documents and Settings\chq-kevink\Application Data\Mozilla

to

C:\Documents and Settings\chq-kevink\Application Data\NotMozillaAnymore
WFM:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030604

I did notice another problem with the quote page.  The "ASK US A QUESTION"
button and ribbon, and the S-shaped ribbon graphic to the right of it were
positioned too far right versus IE6, resulting in white background breaks
inbetween.  I'm not sure what the designer's intention was but a continuous red
graphic seems more likely (as rendered in IE6).

I have the same problem on the mentioned site.
Using 1.4RC2:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030612

I get the message :
Error establishing an encrypted connection to <URL>. Error Code: -5985

I have seen this also at 
https://www.certmanager.net/~sun_s/login.html
and
https://www.printme.com/support/adobe/index.html

If this is a configuration problem can anyone explain what is wrong?

Other sites are partly ok :
https://sourceforge.net/account/login.php

And other site fully ok :
https://login.yahoo.com
Michael, is this a new install, or have you upgraded from previous versions?
I have deinstalled my 1.3.1 on my Windows XP machine and installed
1.4. But I have not deleted my profile. I will try to delete my profile,
deinstall 1.4 and reinstall it. Maybe this gets fixed.
I will try it tomorrow.
Have found the problem:
set user_pref("security.OCSP.enabled", 0);
If it is 1 I get the errors.
Don't know what it do and where to set this in the preferences.
Have found where exactly the problem is : here we have a policy forbidding going
to external web without using the proxy.

And ocsp validation connection is done without using the proxy, (in my test case
a connection to ocsp.verisign.net. Thus our firewall blocks the connexion, which
then returns an ICMP "No route to Host" to Mozilla.

OCSP connexion should be done through the same proxy settings as browsing
(PS: this is not windows specific I get the case under Linux).

->networking
Assignee: asa → darin
Component: Browser-General → Networking
QA Contact: asa → benc
Ah, This finally pinpoints a problem I have been having with mozilla (many
versions) for over a year!!!!!
Current work around: go to Edit->Preferences->Privacy&security->Validation
and tick the "Do not use OCSP..." box. 
I know that may lead to security problems, but is the ONLY way to access certain
secure servers from behind a proxy where outgoing http request are blocked.
yes, that's known if you use a proxy.
This is very easy to find if you search in the right component and the error code.

*** This bug has been marked as a duplicate of 111384 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
-> PSM.
Component: Networking → Client Library
Product: Browser → PSM
QA Contact: benc → junruh
Version: Trunk → 1.01
Product: PSM → Core
Version: psm1.01 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: