_site_ received a message with incorrect Message Authentication Code.

RESOLVED INCOMPLETE

12 years ago
3 years ago

People

(Reporter: darin.moz, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments, 3 obsolete attachments)

(Reporter)

Description

12 years ago
_site_ received a message with incorrect Message Authentication Code.

A friend of mine is seeing this error with high frequency when using Firefox 2.0.0.2 on Mac OS X 10.4.  He sees it when visiting various HTTPS sites (banks, etc.).

It looks like this error dialog corresponds to PSMERR_BadMac.  I don't know what conditions lead to that error, but I doubt it is a server problem.
Without some URLs we'll never know what's going on.

Comment 2

12 years ago
I hadn't used Mac in a while.

I have a PowerPC Mac running OSX 10.4.8, just updated to the latest patches.

Using a fresh downloaded Firefox 2.0.0.2 I visited several secure sites, including my personal bank account, and it all worked fine, no error messages.

So a hint how to reproduce would be great.

If you're stuck, could your friend try to create a fresh profile?
I recently heard from another user who had strange problems, which did go away with a fresh profile.

If a fresh profile really helps, we'd be very much interested in the security db file.
(Reporter)

Comment 3

12 years ago
He says the problem occurs sometimes when visiting: https://www.paypal.com/
(Reporter)

Comment 4

12 years ago
Created attachment 257066 [details]
sample error dialog #1
(Reporter)

Comment 5

12 years ago
Created attachment 257069 [details]
sample error dialog #2

Comment 6

12 years ago
Created attachment 257073 [details]
sample error dialog #1 (png)

Re-Attaching as PNG so we can view from within the browser
Attachment #257066 - Attachment is obsolete: true

Comment 7

12 years ago
Created attachment 257074 [details]
sample error dialog #2 (png)

Re-Attaching as PNG so we can view from within the browser
Attachment #257069 - Attachment is obsolete: true

Comment 8

12 years ago
Created attachment 257075 [details]
sample error dialog #2 (really png)
Attachment #257074 - Attachment is obsolete: true

Comment 9

Comment on attachment 257073 [details]
sample error dialog #1 (png)

This bug's subject/summary says the problem is the error message:
"_site_ received a message with incorrect Message Authentication Code"
That's what we call a "bad MAC" error, MAC referring not to Macintosh,
but to "Message Authentication Code".

SSL_ERROR_BAD_MAC_ALERT  -12272
"SSL peer reports incorrect Message Authentication Code."

BUT this attachment's image reports error -12192, which is

SSL_ERROR_DECRYPT_ERROR_ALERT  -12192
"Peer reports failure of signature verification or key exchange."

That's NOT a "bad MAC" error.  Those two errors are very different.

So, now I have to ask: what error is this bug really about?
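
The difference between the two alerts, as an added example (not part of the original bug report and not NSS code): a receiver checks a TLS 1.0 record MAC, answers a corrupted record with `bad_record_mac`, and a small parser maps alert records to the two NSS error codes quoted above. The function names, key, and sample record are constructed for illustration, an HMAC-SHA1 cipher suite is assumed, and the alert is shown unencrypted for readability.

```python
import hashlib
import hmac
import struct

# TLS alert description -> (alert name, NSS client error name, NSS code).
# The NSS names and codes are the two quoted in the comment above.
ALERTS = {
    20: ("bad_record_mac", "SSL_ERROR_BAD_MAC_ALERT", -12272),
    51: ("decrypt_error", "SSL_ERROR_DECRYPT_ERROR_ALERT", -12192),
}
ALERT_TYPE, FATAL = 21, 2


def record_mac(key, seq, ctype, version, fragment):
    """TLS 1.0 record MAC: HMAC(key, seq || type || version || length || fragment)."""
    header = struct.pack("!QBHH", seq, ctype, version, len(fragment))
    return hmac.new(key, header + fragment, hashlib.sha1).digest()


def receive(key, seq, ctype, version, fragment, mac):
    """Peer side: return None if the MAC verifies, else a fatal bad_record_mac alert."""
    expected = record_mac(key, seq, ctype, version, fragment)
    if hmac.compare_digest(expected, mac):
        return None
    # On a real connection this alert is itself encrypted once the handshake is done.
    return struct.pack("!BHHBB", ALERT_TYPE, version, 2, FATAL, 20)


def classify_alert(record):
    """Parse a 7-byte plaintext alert record and map it to the NSS error it causes."""
    if len(record) != 7:
        raise ValueError("not a plaintext TLS alert record")
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    if ctype != ALERT_TYPE or length != 2:
        raise ValueError("not a plaintext TLS alert record")
    level, desc = record[5], record[6]
    name, nss_name, code = ALERTS.get(desc, ("other", None, None))
    return {"fatal": level == FATAL, "alert": name, "nss": nss_name, "code": code}


if __name__ == "__main__":
    key = b"\x0b" * 20                       # constructed MAC write secret
    frag = b"GET / HTTP/1.0\r\n\r\n"         # constructed application data
    mac = record_mac(key, 0, 23, 0x0301, frag)
    damaged = bytes([frag[0] ^ 0x01]) + frag[1:]   # one bit flipped in transit
    print(receive(key, 0, 23, 0x0301, frag, mac))
    print(classify_alert(receive(key, 0, 23, 0x0301, damaged, mac)))
```

A `bad_record_mac` alert therefore means a record failed its integrity check at the peer (altered bytes, wrong sequence number, or mismatched keys), while `decrypt_error` is raised during the handshake when a signature or key-exchange check fails.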

Comment 10

12 years ago
Nelson, as mentioned in comment 0, this bug is about the fact that a user experiences various SSL failures with various sites.

The two screenshots are two separate examples.

www.paypal.com gave SSL_ERROR_DECRYPT_ERROR_ALERT

securepics.ebaystatic.com gave SSL_ERROR_BAD_MAC_ALERT

Comment 11

12 years ago
Darin, Could you confirm that your friend owns at least 2 personal certificates?

I wonder if this bug is related to regression bug 370136.

If it is, your friend would see all success with Firefox 2.0.0.0
but problems with 2.0.0.1 and 2.0.0.2

The regression should be limited to web sites that require or optionally ask for a client authentication certificate.

It seems unlikely that www.paypal.com or securepics.ebaystatic.com are configured to ask for a client certificate - but maybe they are using a farm of servers, and at least one of them is configured to ask for it? (This would explain that the error is seen occasionally only).


For kicks I just ran 1000 connections to www.paypal.com, but the server never asked for client auth :-/

Comment 12

Re: comment 11, A problem with an SSL client auth cert could explain
SSL_ERROR_DECRYPT_ERROR_ALERT, but not likely SSL_ERROR_BAD_MAC_ALERT.
But I think it's quite unlikely that paypal.com is requesting client auth.

Regarding comment 10, two sites with two separate errors should be two
separate bugs.
(Reporter)

Comment 13

12 years ago
No client certs are installed on the system where this problem keeps occurring.

Comment 14

12 years ago
(In reply to comment #13)
> No client certs are installed on the system where this problem keeps occurring.

Thanks, this means that bug 370136 can not be the cause.

I'm cc'ing Glen, who might have some ideas on this, because this bug is reported to happen on a Mac.

While so far I haven't been able to reproduce this in my limited testing on Mac, I should try to run stress test software against the reported sites, in the hope I can reproduce.

Darin, we are currently completely in the dark as to why these failures occur, and we are unable to reproduce.
Could you possibly assist your friend to get us SSL connection logs of such a failing session?

There is a command line tool called "ssltap" which can be used for that.
QA Contact: psm

Comment 15

6 years ago
reassign bug owner.
mass-update-kaie-20120918
Assignee: kaie → nobody
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INCOMPLETE