SSL network deadlock when Camellia is DISabled

RESOLVED FIXED

Status

NSS
Libraries
RESOLVED FIXED
8 years ago
9 months ago

People

(Reporter: kaie, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

8 years ago
This bug happens with NSS 3.12.2
(I believe it still happens with NSS 3.12.4 rc, but will give certain confirmation later)

This bug happens with both:
- the latest freebl/softoken code as included in NSS 3.12.2
- the FIPS approved freebl/softoken code from NSS 3.11.5

At this point I don't have a public test case, it needs to be reproduced with a certain SSL server, behind our firewall.
But we're working on making a public test case available.


What happens?
Firefox displays "Connected to ... site" and stalls forever.

This is with a minimal html page provided by the server (test.html) loaded using https.


Why do I believe this is a client bug in NSS (rather than a server bug)?
Because ssltap reports the client (firefox/nss) terminates the connection unexpectedly, while the server attempts to proceed with the connection.


How can this be reproduced?
- using the hidden server
- using an official Linux Firefox 3.0.11 binary downloaded from mozilla.com
- editing about:config prefs and setting all 6 camellia prefs to false
- by connecting to the minimal test page repeatedly, quickly

A single https load works fine.
Multiple https loads work fine, too, if you do it slowly (wait for the page to load, then reload).

The bug (deadlock/stalling) occurs when using the reload feature very quickly and often. This can be achieved, for example, by loading the page once, then hitting the F5 key about 20 times within 3 seconds.


The cipher suite agreed to in the handshake is
  TLS/DHE-RSA/AES256-CBC/SHA

The fact that disabling/enabling Camellia has an effect on the connection is a big surprise.

I will attach more information when I have it.
(Reporter)

Comment 1

8 years ago
Created attachment 385133 [details]
good ssltap log


Client:
- latest Firefox 3.0.x cvs code (well, from one week ago)
- which uses NSS_3_12_2_WITH_CKBI_1_75_RTM
- new profile, default prefs (= camellia enabled)

accessed page:
- 3 times slowly
- wait
- 10 times quickly
- wait
- about 20 times quickly
- quit

No bug here, all worked well.
(Reporter)

Comment 2

8 years ago
Created attachment 385137 [details]
bad ssltap log


Client:
- same as before, same profile, but:
- all 6 camellia prefs disadbled

accessed page:
- 3 times slowly
- wait
- 10 times quickly
- (connection stalls already)
- quit
(Reporter)

Comment 3

8 years ago
Good news.

It appears the PSM level patch in bug 412833
has the positive side effect to fix this issue.

I'm waiting for final confirmation from QA.
Assuming this has been fixed.
Status: NEW → RESOLVED
Last Resolved: 9 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.