Cannot reach a new secure site on first try

VERIFIED FIXED

Status

Core Graveyard
Security: UI
P3
normal
VERIFIED FIXED
18 years ago
a year ago

People

(Reporter: John Unruh, Assigned: Javier Delgadillo)

Tracking

1.0 Branch

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [nsbeta2-][nsbeta3+][PDTP3], URL)

(Reporter)

Description

18 years ago
1.) Visit a secure site you have never been to before with the present profile.
2.) Click past the two "New Web Site Cert" dialog boxes.
What happen: Mozilla stalls. Restarting Mozilla and then visiting the same site 
is successful.
(Reporter)

Comment 1

18 years ago
This worksforme with Win32, build 71020, but still happens with the Linux build 
#71020. Nominating for msbeta2.
Keywords: nsbeta2
OS: All → Linux
Hardware: All → Other
Summary: Cannot reach a new secure site on first try → Linux-Cannot reach a new secure site on first try

Comment 2

18 years ago
Putting on [nsbeta2+] radar for beta2 fix. 
Whiteboard: [nsbeta2+]
(Assignee)

Comment 3

18 years ago
I just tried this with last night's daily build of Mozilla and the PSM build 
from 2 nights ago.  Are you still seeing this behavior?  If so, update your 
builds and try again.
(Reporter)

Comment 4

18 years ago
Still happening with the Linux Seamonkey 71308 build.
(Assignee)

Comment 5

18 years ago
Could you at least try on a different machine.  To make sure it's not the 
machine that's causing the problem.  Also what version/build of PSM are you 
using.
(Reporter)

Comment 6

18 years ago
Marking worksforme. This seems to be a timing issue, since it works when I am 
logged into a linux machine directly. In any case, a workaround is to just click 
on the link again. Also, this would only happen when going to a site with an 
untrusted CA for the first time - a fairly rare occurence.
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → WORKSFORME
(Reporter)

Comment 7

18 years ago
Verified.
Status: RESOLVED → VERIFIED
(Reporter)

Updated

18 years ago
Status: VERIFIED → REOPENED
Resolution: WORKSFORME → ---
(Reporter)

Comment 8

18 years ago
Reopening. This is still happening on Linux. After clicking through 2 "new web 
site cert" dialog boxes and ending up at the same page, the trick is to click on 
the link a second time, but this should not be necessary.

Comment 9

18 years ago
Putting on [nsbeta2-] radar.
Whiteboard: [nsbeta2+] → [nsbeta2-]
(Reporter)

Updated

18 years ago
Keywords: nsbeta3
Target Milestone: --- → M18

Updated

18 years ago
Blocks: 48444
(Assignee)

Updated

18 years ago
Whiteboard: [nsbeta2-] → [nsbeta2-][nsbeta3+]
(Assignee)

Comment 10

18 years ago
John, 

Is this still happening?  I tried this today on NT and worked.  (I remember you 
saying that it happened on all platforms, so I'm wondering if it still happens 
on Linux as well.)
(Reporter)

Comment 11

18 years ago
This still happens with linux, although the circumstances are quite rare. I have 
to go to an untrusted https site, such as a new cert server and click through 
two CA acceptance dialog boxes. With 4.7x, the windows appear faster, but if I 
take my time clicking through them, I can get a "A network error occurred while 
Netscape was receiving data. Try connecting again." It could be that this bug is 
really that there is no warning when a connection cannot be made, and is a 
duplicate of bug 33772 - No warning when connection is not possible. 
(Assignee)

Comment 12

18 years ago
With a Linux box, goto https://javi.red.iplanet.com:8080/

(You will also get an unexpected name dialog since the cert on the server is for 
javi.mcom.com)
(Reporter)

Comment 13

18 years ago
I can reach it on the first try, but I have to be fast on clicking through the 
dialog boxes. The oldmonk site seems slow enough so that I can't reach it on the 
first try - https://oldmonk.red.iplanet.com:3003/DirUserEnroll.html. Any 
thoughts on making this bug a dupe of bug 33772 ?
(Assignee)

Comment 14

18 years ago
This is not a dupe of bug 33772.  This is a dupe of the bug where SSL 
connections time-out if you let the SSL dialogs sit around for too long.

(I thought there was such a bug, but I can't find the number.)
(Reporter)

Comment 15

18 years ago
Adding nelsonb's comments, and changing url, and changing OS to all.
"Today, when user dialogs are required during an SSL handshake, either because
something's wrong with the server cert/chain or because the user has to 
select a cert for client auth, the SSL handshake is stalled while the user
dialogs are presented.  When the user dialogs are finished, the handshake 
resumes from the spot where it stalled, but often by that time, either the
server or the browser has timed-out on the connection, resulting in failure.

Microsoft's Internet Explorer (MSIE) handles such situations differently.  
When it has to present user dialogs, it silently terminates the SSL handshake
and the TCP connection to the server.  When the user dialog finishes, it 
establishes a new TCP connection and starts a new SSL handshake from scratch.  
Consequently, MSIE users never (er, very seldom) experience these timeout
failures.  I believe this is a superior way to handle these dialogs.

I propose that Mozilla and PSM change to use this abort-and-try-again 
technique, rather than the existing stall-and-continue technique.  I'd guess
this is not a small change, because I suspect it involves some communication
between Mozilla and PSM about terminating and restarting the connection over
which the request is to be sent.  But I believe it would be worth the effort
in terms of improved user perception."

OS: Linux → All
Hardware: Other → All
Summary: Linux-Cannot reach a new secure site on first try → Cannot reach a new secure site on first try
(Reporter)

Comment 16

18 years ago
Since this is nsbeta3+, setting priority to P2
Priority: P3 → P2

Comment 17

18 years ago
PDT thinks this is P3, due to perceived difficulty to reproduce, and expected 
rarity. Could reconsider if data shows otherwise. P3
Priority: P2 → P3
Whiteboard: [nsbeta2-][nsbeta3+] → [nsbeta2-][nsbeta3+][PDTP3]
(Assignee)

Comment 18

17 years ago
New target milestone.
Target Milestone: M18 → mozilla0.9.1

Comment 19

17 years ago
PSM 2.0 is now part of the mozilla and commercial builds and has fixed alot of 
UI and ssl bugs that were in PSM 1.X. I'm doing a mass setting of bugs to 
be FIXED. If you believe that I've closed a bug in error, please re-open it. 
Thanks.
Status: REOPENED → RESOLVED
Last Resolved: 18 years ago17 years ago
Resolution: --- → FIXED
(Reporter)

Comment 20

17 years ago
Verified.
Status: RESOLVED → VERIFIED
(Reporter)

Comment 21

17 years ago
Mass changing Security:Crypto to PSM
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: mozilla0.9.1 → ---
Version: other → 2.1
(Reporter)

Comment 22

17 years ago
Mass changing Security:Crypto to PSM

Updated

13 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

10 years ago
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.