Closed
Bug 693925
Opened 14 years ago
Closed 12 years ago
Redirect loop on one page (maybe more, but not all pages) on sap.com with browsers that implement new anti-chosen-plaintext-attack mitigations
Categories
(Tech Evangelism Graveyard :: English US, defect, P1)
Tracking
(firefox10-)
RESOLVED
WORKSFORME
Nov
Tracking | Status | |
---|---|---|
firefox10 | - | --- |
People
(Reporter: flod, Unassigned)
Details
(Keywords: regression)
When trying to visit the URL https://www.sap.com/campaign/2010_curr_sap_crystal_reports_2008/index.epx?kNtBzmUK9zU, I get the error "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."
Build ID: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111011 Firefox/10.0a1
I can visit that page without problems with Firefox 7.0, Safari or Chrome on the same Mac. Tried also with a fresh new profile without changes.
Reporter
Comment 1•14 years ago
Some more details.
Works with:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111007 Firefox/10.0a1
Doesn't work with:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111008 Firefox/10.0a1
Comment 2•14 years ago
confirming with Mozilla/5.0 (Windows NT 6.1; rv:10.0a1) Gecko/20111011 Firefox/10.0a1 SeaMonkey/2.7a1
OS: Mac OS X → All
Product: Firefox → Core
QA Contact: general → general
Comment 3•14 years ago
Looks like the range is http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c3a50afc2243&tochange=6c780dcb4b99 but nothing jumps out at me there...
Comment 4•14 years ago
Ah, maybe the NSS upgrade?
Comment 5•14 years ago
Yep, hg bisect confirms that.
Requesting tracking for this regression.
Assignee: nobody → nobody
Blocks: 669061
tracking-firefox10:
--- → ?
Component: General → Libraries
Keywords: regression
Product: Core → NSS
QA Contact: general → libraries
Version: Trunk → trunk
Comment 6•14 years ago
The same problem occurs with Google Chrome Canary: Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
I will investigate it more thoroughly Friday. This is probably related to the 1/(n-1) record splitting implemented in bug 665814.
Assignee: nobody → bsmith
Comment 7•14 years ago
Yes, it's 1/n-1 record splitting. This is a WontFix from Chrome; the site will have to be fixed.
(Brian: the current list of known broken things are Brocade SSL terminators (at least some of them) and lighttpd < 1.4.27)
Comment 8•14 years ago
See bug 69820 comment 6 for an explanation.
Assignee: bsmith → english-us
Severity: normal → critical
Component: Libraries → English US
Priority: -- → P1
Product: NSS → Tech Evangelism
QA Contact: libraries → english-us
Hardware: x86 → All
Summary: Redirect loop visiting sap.com page → sap.com uses broken SSL implementation incompatible with new anti-chosen-plaintext-attack mitigations in browsers
Whiteboard: [server-has-broken-TLS-implementation]
Target Milestone: --- → Nov
Version: trunk → unspecified
Comment 9•14 years ago
Just to clarify: the broken code on the server side is most likely
not the SSL library but rather some code *above* SSL. So
"broken SSL implementation" is a little misleading.
All SSL libraries should be able to handle an application_data
record containing one byte of data. Most likely, some higher-layer
code does not handle a partial read from SSL correctly.
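
The partial-read failure described in comment 9, as an added example that is not part of the bug thread or of any server's code: a stand-in connection delivers a request the way 1/(n-1) record splitting does (one byte, then the rest), and a reader that trusts a single read is compared with one that accumulates until the end of the headers. All class and function names and the sample request are constructed for illustration.

```python
HEADER_END = b"\r\n\r\n"

# Constructed sample request (not taken from the bug report).
SAMPLE = (b"GET /page HTTP/1.1\r\n"
          b"Host: example.test\r\n"
          b"Cookie: session=abc\r\n\r\n")


class SplitRecordConn:
    """Hypothetical stand-in for a TLS connection whose peer applies
    1/(n-1) splitting. Assumption: each recv() returns data from at
    most one application_data record."""

    def __init__(self, plaintext):
        # First record carries 1 byte, second carries the other n-1 bytes.
        self._records = [plaintext[:1], plaintext[1:]]

    def recv(self, bufsize):
        if not self._records:
            return b""                      # peer closed
        record = self._records.pop(0)
        chunk, rest = record[:bufsize], record[bufsize:]
        if rest:
            self._records.insert(0, rest)   # keep unread tail of the record
        return chunk


def read_request_single_recv(conn):
    """Defective pattern: assumes one read yields the whole request."""
    return conn.recv(4096)


def read_request_until_headers(conn, limit=65536):
    """Correct pattern: loop until the header terminator arrives, bounded."""
    buf = bytearray()
    while HEADER_END not in buf:
        if len(buf) >= limit:
            raise ValueError("request headers too large")
        chunk = conn.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before end of headers")
        buf += chunk
    return bytes(buf)


def request_line(raw):
    """First line of the request as text."""
    return raw.split(b"\r\n", 1)[0].decode("ascii")
```

With the split delivery, the single-read version sees only `G`, while the looping version recovers the full request regardless of how the bytes were divided into records.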
Updated•14 years ago
Summary: sap.com uses broken SSL implementation incompatible with new anti-chosen-plaintext-attack mitigations in browsers → Redirect loop on one page (maybe more, but not all pages) on sap.com with browsers that implement new anti-chosen-plaintext-attack mitigations
Whiteboard: [server-has-broken-TLS-implementation]
Updated•14 years ago
Severity: critical → minor
Reporter
Comment 10•12 years ago
No longer a bug; working fine now.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Updated•10 years ago
Product: Tech Evangelism → Tech Evangelism Graveyard