Minefield gets SSL renegotiation errors with Skandiabanken bank

RESOLVED WORKSFORME

Status

()

Core
Security: PSM
RESOLVED WORKSFORME
9 years ago
3 years ago

People

(Reporter: limi, Unassigned)

Tracking

Trunk
x86
Mac OS X
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

How to reproduce:

1. Go to http://www.skandiabanken.no
2. Click "Logg inn" (left side)
3. Click the big lock icon to indicate that you want to log in
4. Get Firefox error page:

Secure Connection Failed        
An error occurred during a connection to cert.skandiabanken.no.
Renegotiation is not allowed on this SSL socket.
(Error code: ssl_error_renegotiation_not_allowed)

For the record, it works fine with Firefox 3.6.

There are some errors in the console:
secure.skandiabanken.no : potentially vulnerable to CVE-2009-3555

…but that's supposed to be unrelated, and not block access to the site, just warn.
Ah - yes, it took me a minute, but this, too, is deliberate.  See Kai's wiki page for details:

https://wiki.mozilla.org/Security:Renegotiation

Basically, with NSS 3.12.6, we:

- Warn in the error console for every vulnerable server (hence the latter part of your report)
- Refuse actual renegotiation requests from vulnerable servers (hence your proximate complaint).

The wiki page also talks about the temporary and permanent prefs at your disposal for changing this behaviour, but if your bank actually does need TLS renegotiation, they're gonna want to fix their servers -- we won't be the only browser doing this in the medium term.
I'll contact the bank and let them know. Thanks!

Updated

9 years ago
Depends on: 535649

Comment 4

9 years ago
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.3a2pre) Gecko/20100216 Minefield/3.7a2pre

Same issue with skandiabanken.se.

Comment 5

9 years ago
Same with startssl.com

Updated

8 years ago
Duplicate of this bug: 579379

Comment 7

7 years ago
Works for me.
Mozilla/5.0 (X11; Linux x86_64; rv:2.0) Gecko/20100101 Firefox/4.0

Same with skandiabanken.se.

Comment 8

6 years ago
reassign bug owner.
mass-update-kaie-20120918
Assignee: kaie → nobody
No longer a problem, right?
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.