This bug happens with NSS 3.12.2 (I believe it still happens with NSS 3.12.4 rc, but will give certain confirmation later) This bug happens with both: - the latest freebl/softoken code as included in NSS 3.12.2 - the FIPS approved freebl/softoken code from NSS 3.11.5 At this point I don't have a public test case, it needs to be reproduced with a certain SSL server, behind our firewall. But we're working on making a public test case available. What happens? Firefox displays "Connected to ... site" and stalls forever. This is with a minimal html page provided by the server (test.html) loaded using https. Why do I believe this is a client bug in NSS (rather than a server bug)? Because ssltap reports the client (firefox/nss) terminates the connection unexpectedly, while the server attempts to proceed with the connection. How can this be reproduced? - using the hidden server - using an official Linux Firefox 3.0.11 binary downloaded from mozilla.com - editing about:config prefs and setting all 6 camellia prefs to false - by connecting to the minimal test page repeatedly, quickly A single https load works fine. Multiple https loads work fine, too, if you do it slowly (wait for the page to load, then reload). The bug (deadlock/stalling) occurs when using the reload feature very quickly and often. This can be achieved, for example, by loading the page once, then hitting the F5 key about 20 times within 3 seconds. The cipher suite agreed to in the handshake is TLS/DHE-RSA/AES256-CBC/SHA The fact that disabling/enabling Camellia has an effect on the connection is a big surprise. I will attach more information when I have it.
Created attachment 385133 [details] good ssltap log Client: - latest Firefox 3.0.x cvs code (well, from one week ago) - which uses NSS_3_12_2_WITH_CKBI_1_75_RTM - new profile, default prefs (= camellia enabled) accessed page: - 3 times slowly - wait - 10 times quickly - wait - about 20 times quickly - quit No bug here, all worked well.
Created attachment 385137 [details] bad ssltap log Client: - same as before, same profile, but: - all 6 camellia prefs disadbled accessed page: - 3 times slowly - wait - 10 times quickly - (connection stalls already) - quit
Good news. It appears the PSM level patch in bug 412833 has the positive side effect to fix this issue. I'm waiting for final confirmation from QA.
Assuming this has been fixed.