Closed Bug 500424 Opened 15 years ago Closed 7 years ago

SSL network deadlock when Camellia is DISabled

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.12.2
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: KaiE, Unassigned)

Details

Attachments

(2 files)

good ssltap log
73.08 KB, text/plain
Details
bad ssltap log
31.99 KB, text/plain
Details 
This bug happens with NSS 3.12.2
(I believe it still happens with NSS 3.12.4 rc, but will give certain confirmation later)

This bug happens with both:
- the latest freebl/softoken code as included in NSS 3.12.2
- the FIPS approved freebl/softoken code from NSS 3.11.5

At this point I don't have a public test case, it needs to be reproduced with a certain SSL server, behind our firewall.
But we're working on making a public test case available.


What happens?
Firefox displays "Connected to ... site" and stalls forever.

This is with a minimal html page provided by the server (test.html) loaded using https.


Why do I believe this is a client bug in NSS (rather than a server bug)?
Because ssltap reports the client (firefox/nss) terminates the connection unexpectedly, while the server attempts to proceed with the connection.


How can this be reproduced?
- using the hidden server
- using an official Linux Firefox 3.0.11 binary downloaded from mozilla.com
- editing about:config prefs and setting all 6 camellia prefs to false
- by connecting to the minimal test page repeatedly, quickly

A single https load works fine.
Multiple https loads work fine, too, if you do it slowly (wait for the page to load, then reload).

The bug (deadlock/stalling) occurs when using the reload feature very quickly and often. This can be achieved, for example, by loading the page once, then hitting the F5 key about 20 times within 3 seconds.


The cipher suite agreed to in the handshake is
  TLS/DHE-RSA/AES256-CBC/SHA

The fact that disabling/enabling Camellia has an effect on the connection is a big surprise.

I will attach more information when I have it.
Attached file good ssltap log 
Client:
- latest Firefox 3.0.x cvs code (well, from one week ago)
- which uses NSS_3_12_2_WITH_CKBI_1_75_RTM
- new profile, default prefs (= camellia enabled)

accessed page:
- 3 times slowly
- wait
- 10 times quickly
- wait
- about 20 times quickly
- quit

No bug here, all worked well.
Attached file bad ssltap log 
Client:
- same as before, same profile, but:
- all 6 camellia prefs disadbled

accessed page:
- 3 times slowly
- wait
- 10 times quickly
- (connection stalls already)
- quit
Good news.

It appears the PSM level patch in bug 412833
has the positive side effect to fix this issue.

I'm waiting for final confirmation from QA.
Assuming this has been fixed.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: