Closed
Bug 225159
Opened 21 years ago
Closed 21 years ago
Error -8183 with www.sslhost.com
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: incze, Assigned: KaiE)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703
Build Identifier: mozilla-win32-1.5 latest (and before)

When encountering a bad certificate, in some cases the client will display an error message instead of prompting the user. When the error is displayed the connection will always fail and the user has to restart the browser to be able to connect to the site with the questionable certificate. The message displayed is:

Error establishing an encrypted connection to www.sslhost.com. Error Code: -8183.

I'm aware of some issues in the bugtraq base which seem to be related to this error, e.g. Issue #124901 (http://bugzilla.mozilla.org/show_bug.cgi?id=124901) (see comment #15). But my experience is different. In my case, at the 1st connection an alarm dialog always pops up, and you can set up the connection after okaying it. This error message pops up randomly during a long SSL session, probably when the browser tries to reconnect for some reason, or tries to open a new connection to the same place in a new window, etc. The certificate of the server is known to be bad (domain name mismatch). I've seen a very similar report in the advisory "SSL Spoofing Vulnerability in SSL Client Applications" (http://netscape.intelligent.net/redisa/ssl_spoof.html).

Reproducible: Couldn't Reproduce

Steps to Reproduce:
1.
2.
3.

Actual Results: Error establishing an encrypted connection to www.sslhost.com. Error Code: -8183.

Expected Results: Security error: Domain Name Mismatch dialog box (OK, cancel, help, view certificate)
Comment 1•21 years ago
I can also confirm this. First, visit https://test.breezeway.tv (cert name mismatch) and accept the cert error, then try to visit https://www.breezeway.tv . This broke sometime after 1.5... For severity I would rate this HIGH, because it diminishes the user experience for perfectly valid sites after visiting one bad one -- and it was working before.
Comment 2•21 years ago
j.Ruchatz@altendorf.de experienced that bug "Error establishing an encrypted connection to login.passport.com. Error Code: -5985." when logging in to Microsoft's .NET. Mozilla Ver 1.6a, OS = Win XP. MS Explorer was successful on the same PC.
Comment 3•21 years ago
Still broken on 11 Dec 2003 build...
Comment 4•21 years ago
I think this bug should be raised to a critical level - if it makes it into 1.6 (which is now BETA!) then a release version would be heavily broken... As it stands it's still unconfirmed! Can the bug author change its severity?
Comment 5•21 years ago
*** Bug 228380 has been marked as a duplicate of this bug. ***
Comment 6•21 years ago
When a bug is assigned to the wrong component, it is not likely to be noticed by the right people. Changing to component PSM. It may later be changed to NSS.
Component: Security: General → Client Library
Product: Browser → PSM
Version: Trunk → unspecified
Updated•21 years ago
Assignee: security-bugs → kaie
QA Contact: bmartin
Comment 7•21 years ago
This bug began as a report of error -8183 when visiting https://www.sslhost.com/ The complaint was that Mozilla does not give the user the chance to override the error and continue. More about that below.

Comments 1-5 seem to be about different error codes at different sites, and I believe those issues have now all been resolved in bug 191845. But they are definitely different problems, not the same as -8183. Please take any further discussion of those issues to bug 191845.

Error -8183 (documented at http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html#1037299 ) means that the cert was improperly formatted. Because of that problem, Mozilla cannot parse it and extract the public key from it. Without the server's public key, there is NO WAY that Mozilla (or any https client) can successfully communicate with the server. So, the request to allow the user to bypass error -8183 is invalid, and this bug will be resolved as such.

Perhaps the reporter meant some other error code. The reporter also describes a name mismatch, which is not error -8183. Reporter, if you want to amend your original statement and cite a different error code, you may reopen this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
Summary: Error establishing an encrypted connection to www.sslhost.com. Error Code: -8183. → Error -8183 with www.sslhost.com
Updated•8 years ago
Product: Core → Core Graveyard
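The distinction drawn in comment 7, as an added example that is not part of the bug report and is not NSS code: a client must decode the certificate far enough to reach the subjectPublicKeyInfo before any name or trust check can run, so a decode failure leaves nothing for the user to override. The parser, `handshake_decision`, and the skeleton certificate bytes are constructed for illustration; this is a structural walk, not full X.509 validation.

```python
class BadDER(ValueError):
    """Malformed encoding, the condition NSS reports as error -8183."""

def read_tlv(buf, pos, limit):
    """Return (tag, value_start, value_end) for the TLV at pos within limit."""
    if pos + 2 > limit:
        raise BadDER("truncated header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold it
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > limit:
            raise BadDER("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > limit:
        raise BadDER("value runs past its container")
    return tag, pos, pos + length

def extract_spki(cert):
    """Walk Certificate -> tbsCertificate -> subjectPublicKeyInfo bytes."""
    tag, pos, end = read_tlv(cert, 0, len(cert))
    if tag != 0x30 or end != len(cert):
        raise BadDER("Certificate is not a single SEQUENCE")
    tag, pos, tbs_end = read_tlv(cert, pos, end)
    if tag != 0x30:
        raise BadDER("tbsCertificate is not a SEQUENCE")
    fields = [0x02, 0x30, 0x30, 0x30, 0x30, 0x30]  # serial .. subject, SPKI
    if pos < tbs_end and cert[pos] == 0xA0:        # optional [0] version
        fields.insert(0, 0xA0)
    for expected in fields:
        start = pos
        tag, _, pos = read_tlv(cert, pos, tbs_end)
        if tag != expected:
            raise BadDER("unexpected tag 0x%02x" % tag)
    return cert[start:pos]

def handshake_decision(cert):  # hypothetical: no key means nothing to override
    try:
        extract_spki(cert)
        return "decoded: name and trust checks can run"
    except BadDER as exc:
        return "fatal: no public key (%s)" % exc

def tlv(tag, value):  # helper for the constructed sample below
    return bytes([tag, len(value)]) + value
SPKI = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00\x01"))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + SPKI)
SAMPLE_CERT = tlv(0x30, TBS + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

A name mismatch is only detectable on the "decoded" path, which is why it can be presented as a dialog while a malformed certificate cannot.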