Closed
Bug 363823
Opened 18 years ago
Closed 18 years ago
"... has sent an incorrect or unexpected message. Error Code: -12263"
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 360052
People
(Reporter: voschix, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1) Gecko/20061010 Firefox/2.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1) Gecko/20061010 Firefox/2.0 The above site has an expired security certificate. This fact is correctly reported by Firefox 1.5.0.7 and by IE 7, and both give me the choice to continue accessing the site, but not by Firefox 2.0. Firefox 2.0 seems not to recognise the message sent by outlook.jet.uk and produces this error message: "... has sent an incorrect or unexpected message. Error Code: -12263". It also does not give me the option to coninue, as far as I can see. Reproducible: Always Steps to Reproduce: 1. visit outlook.jet.uk 2. click the link " Continue to outlook.jet.uk" 3.
Comment 1•18 years ago
|
||
Moving to Security, because no error on Error Console. This Error Message also on Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20061204 GranParadiso/3.0a1
Component: Error Console → Security
QA Contact: javascript.console → firefox
Comment 2•18 years ago
|
||
Nelson Bolyard ranted about this error code recently, in bug 360052 comment 6. I wonder why an expired certificate would trigger that, or why Firefox 1.5.0.x and Firefox 2 would differ.
Summary: wrong handling of expired security certificate → wrong handling of expired security certificate: "... has sent an incorrect or unexpected message. Error Code: -12263"
Comment 3•18 years ago
|
||
This error has absolutely NOTHING to do with expired certificates. This server returns a response that is not valid for SSL 3.0/TLS. It never gets to the point of sending a server certificate. Most likely, this is an SSL 2.0 only server that doesn't know how to properly handle SSL 3.0 or TLS. We waited 10 years to drop SSL 2.0, 10 years from the date on which the SSL 3.0 specification came out, and still some servers haven't yet learned to speak modern protocols correctly, not even after 10 years. As I wrote in bug 360052 comment 6, NSS has diagnosed the problem correctly, bad server. Please, let's not CC the NSS developers on every bug filed about a server that is 10+ years behind. Let's make sure that the error dialog clearly says "server is broken", and then move on. I don't want to see the NSS team get dragged into any more bug reports about broken servers. The NSS error messages are there to say: server is broken. That should suffice. The servers get fixed, we all live happily ever after. By the way, Microsoft Vista has dropped SSL2 support too. So don't waste time saying "but it worked OK in that old browser." Time marches on. Servers that don't keep up with the times (not even after 10 years) finally lose out. It's time. *** This bug has been marked as a duplicate of 360052 ***
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Summary: wrong handling of expired security certificate: "... has sent an incorrect or unexpected message. Error Code: -12263" → "... has sent an incorrect or unexpected message. Error Code: -12263"
You need to log in
before you can comment on or make changes to this bug.
Description
•