Closed Bug 363823 Opened 18 years ago Closed 18 years ago

"... has sent an incorrect or unexpected message. Error Code: -12263"

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
major

Tracking

RESOLVED DUPLICATE of bug 360052

People

(Reporter: voschix, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1) Gecko/20061010 Firefox/2.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1) Gecko/20061010 Firefox/2.0

The above site has an expired security certificate. This fact is correctly reported by Firefox 1.5.0.7 and by IE 7, and both give me the choice to continue accessing the site, but not by Firefox 2.0. Firefox 2.0 seems not to recognise the message sent by outlook.jet.uk and produces this error message: "... has sent an incorrect or unexpected message. Error Code: -12263". It also does not give me the option to continue, as far as I can see.

Reproducible: Always

Steps to Reproduce:
1. visit outlook.jet.uk
2. click the link "Continue to outlook.jet.uk"
3.

Moving to Security, because no error on Error Console.

This error message also occurs on Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20061204 GranParadiso/3.0a1
Component: Error Console → Security
QA Contact: javascript.console → firefox
Nelson Bolyard ranted about this error code recently, in bug 360052 comment 6.  I wonder why an expired certificate would trigger that, or why Firefox 1.5.0.x and Firefox 2 would differ.
Summary: wrong handling of expired security certificate → wrong handling of expired security certificate: "... has sent an incorrect or unexpected message. Error Code: -12263"
This error has absolutely NOTHING to do with expired certificates.
This server returns a response that is not valid for SSL 3.0/TLS.
It never gets to the point of sending a server certificate.  

Most likely, this is an SSL 2.0 only server that doesn't know how to 
properly handle SSL 3.0 or TLS.  We waited 10 years to drop SSL 2.0,
10 years from the date on which the SSL 3.0 specification came out,
and still some servers haven't yet learned to speak modern protocols
correctly, not even after 10 years.  

As I wrote in bug 360052 comment 6, NSS has diagnosed the problem
correctly, bad server.  Please, let's not CC the NSS developers on 
every bug filed about a server that is 10+ years behind.  Let's make
sure that the error dialog clearly says "server is broken", and then 
move on.  

I don't want to see the NSS team get dragged into any more bug reports
about broken servers.  The NSS error messages are there to say:
server is broken.  That should suffice.  The servers get fixed, we all 
live happily ever after. 

By the way, Microsoft Vista has dropped SSL2 support too.  So don't waste
time saying "but it worked OK in that old browser."  Time marches on.  
Servers that don't keep up with the times (not even after 10 years) finally
lose out.  It's time.  


*** This bug has been marked as a duplicate of 360052 ***
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Summary: wrong handling of expired security certificate: "... has sent an incorrect or unexpected message. Error Code: -12263" → "... has sent an incorrect or unexpected message. Error Code: -12263"
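
The distinction drawn in the comment above (a reply that is not a valid SSL 3.0/TLS record, possibly from an SSL 2.0 only server) can be checked from the first bytes of a captured server reply. The Python below is an added example, not part of this bug report and not NSS code; the function names and the sample byte strings are constructed for illustration.

```python
import struct

# Content types defined for SSL 3.0 / TLS records.
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_TLS_RECORD = 2**14 + 2048  # upper bound on a TLS record's length field

def classify_server_reply(data: bytes) -> str:
    """Classify the first bytes a server sent back after an SSL 3.0/TLS ClientHello."""
    if len(data) < 5:
        return "incomplete"
    ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
    # SSL 3.0/TLS record header: type(1) | version(2, major is 3) | length(2)
    if ctype in TLS_CONTENT_TYPES and major == 3 and length <= MAX_TLS_RECORD:
        return "tls-record:" + TLS_CONTENT_TYPES[ctype]
    # SSL 2.0 record, 2-byte header: high bit set, 15-bit length, then message type
    if data[0] & 0x80:
        v2_len = ((data[0] & 0x7F) << 8) | data[1]
        msg_type = data[2]
        # SERVER-HELLO (type 4) has an 11-byte fixed part carrying version 0x0002
        if msg_type == 4 and v2_len >= 11 and data[5:7] == b"\x00\x02":
            return "sslv2:server-hello"
        # ERROR (type 0) is the message type plus a 2-byte error code
        if msg_type == 0 and v2_len == 3:
            return "sslv2:error"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown"

def valid_for_tls(data: bytes) -> bool:
    """True only if the reply starts with a well-formed SSL 3.0/TLS record header."""
    return classify_server_reply(data).startswith("tls-record:")

# Constructed sample replies (not captured from the site in the report).
SAMPLES = {
    "tls_server_hello": b"\x16\x03\x01\x00\x4a\x02\x00\x00\x46",
    "ssl3_alert": b"\x15\x03\x00\x00\x02\x02\x28",
    "sslv2_server_hello": b"\x83\x1c\x04\x00\x01\x00\x02\x02\xfe\x00\x03\x00\x10",
    "sslv2_error": b"\x80\x03\x00\x00\x01",
    "http_on_tls_port": b"HTTP/1.1 400 Bad Request\r\n",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(f"{name:20} {classify_server_reply(reply):24} valid_for_tls={valid_for_tls(reply)}")
```

A reply classified as `sslv2:*`, `plaintext-http` or `unknown` never reaches the point where a server certificate is sent, so certificate expiry cannot be what the client is reporting.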