Closed Bug 545206 Opened 14 years ago Closed 9 years ago

Minefield gets SSL renegotiation errors with Skandiabanken bank

Categories

(Core :: Security: PSM, defect)

x86
macOS
defect
Not set
normal

RESOLVED WORKSFORME

People

(Reporter: limi, Unassigned)

How to reproduce:

1. Go to http://www.skandiabanken.no
2. Click "Logg inn" (left side)
3. Click the big lock icon to indicate that you want to log in
4. Get Firefox error page:

Secure Connection Failed        
An error occurred during a connection to cert.skandiabanken.no.
Renegotiation is not allowed on this SSL socket.
(Error code: ssl_error_renegotiation_not_allowed)

For the record, it works fine with Firefox 3.6.

There are some errors in the console:
secure.skandiabanken.no : potentially vulnerable to CVE-2009-3555

…but that's supposed to be unrelated, and not block access to the site, just warn.
Ah - yes, it took me a minute, but this, too, is deliberate.  See Kai's wiki page for details:

https://wiki.mozilla.org/Security:Renegotiation

Basically, with NSS 3.12.6, we:

- Warn in the error console for every vulnerable server (hence the latter part of your report)
- Refuse actual renegotiation requests from vulnerable servers (hence your proximate complaint).

The wiki page also talks about the temporary and permanent prefs at your disposal for changing this behaviour, but if your bank actually does need TLS renegotiation, they're gonna want to fix their servers -- we won't be the only browser doing this in the medium term.
I'll contact the bank and let them know. Thanks!
Depends on: 535649
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.3a2pre) Gecko/20100216 Minefield/3.7a2pre

Same issue with skandiabanken.se.
Same with startssl.com
Works for me.
Mozilla/5.0 (X11; Linux x86_64; rv:2.0) Gecko/20100101 Firefox/4.0

Same with skandiabanken.se.
reassign bug owner.
mass-update-kaie-20120918
Assignee: kaie → nobody
No longer a problem, right?
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME