Closed
Bug 372408
Opened 17 years ago
Closed 8 years ago
_site_ received a message with incorrect Message Authentication Code.
Categories
(Core :: Security: PSM, defect)
RESOLVED
INCOMPLETE
People
(Reporter: darin.moz, Unassigned)
Attachments
(2 files, 3 obsolete files)
_site_ received a message with incorrect Message Authentication Code. A friend of mine is seeing this error with high frequency when using Firefox 2.0.0.2 on Mac OS X 10.4. He sees it when visiting various HTTPS sites (banks, etc.). It looks like this error dialog corresponds to PSMERR_BadMac. I don't know what conditions lead to that error, but I doubt it is a server problem.
Comment 1•17 years ago
Without some URLs we'll never know what's going on.
Comment 2•17 years ago
I hadn't used Mac in a while. I have a PowerPC Mac running OSX 10.4.8, just updated to the latest patches. Using a fresh downloaded Firefox 2.0.0.2 I visited several secure sites, including my personal bank account, and it all worked fine, no error messages. So a hint how to reproduce would be great. If you're stuck, could your friend try to create a fresh profile? I recently heard from another user who had strange problems, which did go away with a fresh profile. If a fresh profile really helps, we'd be very much interested in the security db file.
Reporter
Comment 3•17 years ago
He says the problem occurs sometimes when visiting: https://www.paypal.com/
Reporter
Comment 4•17 years ago
Reporter
Comment 5•17 years ago
Comment 6•17 years ago
Re-Attaching as PNG so we can view from within the browser
Attachment #257066 -
Attachment is obsolete: true
Comment 7•17 years ago
Re-Attaching as PNG so we can view from within the browser
Attachment #257069 -
Attachment is obsolete: true
Comment 8•17 years ago
Attachment #257074 -
Attachment is obsolete: true
Comment 9•17 years ago
Comment on attachment 257073 [details]
sample error dialog #1 (png)
This bug's subject/summary says the problem is the error message:
" _site_ received a message with incorrect Message Authentication Code"
That's what we call a "bad MAC" error, MAC referring not to Macintosh,
but to "Message Authentication Code".
SSL_ERROR_BAD_MAC_ALERT -12272
"SSL peer reports incorrect Message Authentication Code."
BUT This attachment's image reports error -12192, which is
SSL_ERROR_DECRYPT_ERROR_ALERT -12192
"Peer reports failure of signature verification or key exchange."
That's NOT a "bad MAC" error. Those two errors are very different.
So, now I have to ask: what error is this bug really about?
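What the "bad MAC" alert distinguished in comment 9 means at the record layer, as an added illustration that is not part of the bug thread and is not NSS code: a TLS 1.0 receiver recomputes each record's MAC and answers with bad_record_mac when it differs. The key, payload and function names are constructed for the example, HMAC-SHA1 is assumed as the cipher suite's MAC, and encryption is omitted.

```python
import hashlib
import hmac
import struct

BAD_RECORD_MAC = 20  # alert sent when the record-layer MAC check fails
DECRYPT_ERROR = 51   # handshake alert (signature/key exchange); never raised by this check
MAC_LEN = 20         # HMAC-SHA1 output length

KEY = b"constructed-mac-key!"  # constructed 20-byte MAC secret, not a real key


def record_mac(mac_key, seq_num, content_type, version, fragment):
    """TLS 1.0 record MAC (RFC 2246, section 6.2.3.1):
    HMAC(secret, seq_num || type || version || length || fragment)."""
    header = struct.pack("!QBHH", seq_num, content_type, version, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha1).digest()


def protect(mac_key, seq_num, fragment, content_type=23, version=0x0301):
    """Sender side: append the MAC to the application-data fragment."""
    return fragment + record_mac(mac_key, seq_num, content_type, version, fragment)


def receive(mac_key, expected_seq, protected, content_type=23, version=0x0301):
    """Receiver side: return ("data", payload) or ("alert", code)."""
    fragment, tag = protected[:-MAC_LEN], protected[-MAC_LEN:]
    expected = record_mac(mac_key, expected_seq, content_type, version, fragment)
    if not hmac.compare_digest(tag, expected):
        return ("alert", BAD_RECORD_MAC)
    return ("data", fragment)


def demo():
    record = protect(KEY, 0, b"GET / HTTP/1.1\r\n")
    intact = receive(KEY, 0, record)
    # One bit changed between sender and receiver (faulty hardware, proxy, driver).
    flipped = bytes([record[0] ^ 0x01]) + record[1:]
    corrupted = receive(KEY, 0, flipped)
    # Receiver's sequence counter is off by one (a record was lost or duplicated).
    desynced = receive(KEY, 1, record)
    return intact, corrupted, desynced


if __name__ == "__main__":
    for label, result in zip(("intact", "bit flip", "seq desync"), demo()):
        print(label, result)
```
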
Comment 10•17 years ago
Nelson, as mentioned in comment 0, this bug is about the fact that a user experiences various SSL failures with various sites. The two screenshots are two separate examples.
www.paypal.com gave SSL_ERROR_DECRYPT_ERROR_ALERT
securepics.ebaystatic.com gave SSL_ERROR_BAD_MAC_ALERT
Comment 11•17 years ago
Darin, could you confirm that your friend owns at least 2 personal certificates? I wonder if this bug is related to regression bug 370136. If it is, your friend would see all success with Firefox 2.0.0.0 but problems with 2.0.0.1 and 2.0.0.2. The regression should be limited to web sites that require or optionally ask for a client authentication certificate. It seems unlikely that www.paypal.com or securepics.ebaystatic.com are configured to ask for a client certificate - but maybe they are using a farm of servers, and at least one of them is configured to ask for it? (This would explain that the error is seen occasionally only). For kicks I just ran 1000 connections to www.paypal.com, but the server never asked for client auth :-/
Comment 12•17 years ago
Re: comment 11, A problem with an SSL client auth cert could explain SSL_ERROR_DECRYPT_ERROR_ALERT, but not likely SSL_ERROR_BAD_MAC_ALERT. But I think it's quite unlikely that paypal.com is requesting client auth. Regarding comment 10, two sites with two separate errors should be two separate bugs.
Reporter
Comment 13•17 years ago
No client certs are installed on the system where this problem keeps occurring.
Comment 14•17 years ago
(In reply to comment #13)
> No client certs are installed on the system where this problem keeps occurring.

Thanks, this means that bug 370136 can not be the cause. I'm cc'ing Glen, who might have some ideas on this, because this bug is reported to happen on a Mac. While so far I haven't been able to reproduce this on my limited testing on Mac, I should try to run a stress test software against these reported sites, in the hope I can reproduce. Darin, we are currently completely in the dark as to why these failures occur, and we are unable to reproduce. Could you possibly assist your friend to get us SSL connection logs of such a failing session? There is a command line tool called "ssltap" which can be used for that.
Updated•17 years ago
QA Contact: psm
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE