
Redirect loop on one page (maybe more, but not all pages) on sap.com with browsers that implement new anti-chosen-plaintext-attack mitigations

Status: RESOLVED WORKSFORME
Product: Tech Evangelism Graveyard
Component: English US
Priority: P1
Severity: minor
Opened: 6 years ago
Updated: 2 years ago
Reporter: flod
Assignee: Unassigned
Keywords: regression
Version: unspecified

(Reporter)

Description

6 years ago
When trying to visit the URL https://www.sap.com/campaign/2010_curr_sap_crystal_reports_2008/index.epx?kNtBzmUK9zU, I get the error "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."

Build ID: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111011 Firefox/10.0a1

I can visit that page without problems with Firefox 7.0, Safari or Chrome on the same Mac. Tried also with a fresh new profile without changes.
(Reporter)

Comment 1

6 years ago
Some more details.

Works with: 
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111007 Firefox/10.0a1

Doesn't work with: 
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111008 Firefox/10.0a1
confirming with Mozilla/5.0 (Windows NT 6.1; rv:10.0a1) Gecko/20111011 Firefox/10.0a1 SeaMonkey/2.7a1
Component: General → General
OS: Mac OS X → All
Product: Firefox → Core
QA Contact: general → general
Looks like the range is http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c3a50afc2243&tochange=6c780dcb4b99 but nothing jumps out at me there...
Ah, maybe the NSS upgrade?
Yep, hg bisect confirms that.

Requesting tracking for this regression.
Assignee: nobody → nobody
Blocks: 669061
tracking-firefox10: --- → ?
Component: General → Libraries
Keywords: regression
Product: Core → NSS
QA Contact: general → libraries
Version: Trunk → trunk
The same problem occurs with Google Chrome Canary: Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

I will investigate it more thoroughly Friday. This is probably related to the 1/(n-1) record splitting implemented in bug 665814.
Assignee: nobody → bsmith

Comment 7

6 years ago
Yes, it's 1/n-1 record splitting. This is a WontFix from Chrome; the site will have to be fixed.

(Brian: the current list of known broken things is Brocade SSL terminators (at least some of them) and lighttpd < 1.4.27)
See bug 69820 comment 6 for an explanation.
Assignee: bsmith → english-us
Severity: normal → critical
Component: Libraries → English US
Priority: -- → P1
Product: NSS → Tech Evangelism
QA Contact: libraries → english-us
Hardware: x86 → All
Summary: Redirect loop visiting sap.com page → sap.com uses broken SSL implementation incompatible with new anti-chosen-plaintext-attack mitigations in browsers
Whiteboard: [server-has-broken-TLS-implementation]
Target Milestone: --- → Nov
Version: trunk → unspecified

Comment 9

6 years ago
Just to clarify: the broken code on the server side is most likely
not the SSL library but rather some code *above* SSL.  So
"broken SSL implementation" is a little misleading.

All SSL libraries should be able to handle an application_data
record containing one byte of data.  Most likely, some higher-layer
code does not handle a partial read from SSL correctly.
Summary: sap.com uses broken SSL implementation incompatible with new anti-chosen-plaintext-attack mitigations in browsers → Redirect loop on one page (maybe more, but not all pages) on sap.com with browsers that implement new anti-chosen-plaintext-attack mitigations
Whiteboard: [server-has-broken-TLS-implementation]
Severity: critical → minor
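
The partial-read failure that comment 9 describes, as an added example that is not part of the original thread and is not code from NSS, Firefox or the affected site. `RecordStream`, the function names and the sample request are constructed for illustration; the stream stands in for a TLS socket whose read call returns plaintext from at most one record.

```python
# Added illustration: higher-layer code reading a request that the client
# sent with 1/(n-1) record splitting. All names here are hypothetical.

class RecordStream:
    """Constructed stand-in for a TLS socket: one record per recv() at most."""

    def __init__(self, records):
        self._records = list(records)

    def recv(self, bufsize):
        if not self._records:
            return b""                      # peer closed the connection
        rec = self._records.pop(0)
        if len(rec) > bufsize:              # hand back the remainder next time
            self._records.insert(0, rec[bufsize:])
        return rec[:bufsize]


def split_1_n_minus_1(plaintext):
    """Split application data into a 1-byte record and an (n-1)-byte record."""
    return [plaintext[:1], plaintext[1:]] if len(plaintext) > 1 else [plaintext]


def read_request_naive(stream):
    """Broken: assumes a single read returns the whole request."""
    return stream.recv(8192)


def read_request_robust(stream, limit=65536):
    """Keep reading until the HTTP header terminator has arrived."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = stream.recv(8192)
        if not chunk:
            raise ConnectionError("connection closed before end of headers")
        buf += chunk
        if len(buf) > limit:                # bound memory use on hostile input
            raise ValueError("request headers exceed limit")
    return buf


# Constructed sample request (hypothetical host and cookie value).
REQUEST = (b"GET /index HTTP/1.1\r\nHost: example.test\r\n"
           b"Cookie: session=abc123\r\n\r\n")
```

With the split records as input, the naive reader returns only the first byte of the request, while the looping reader returns the full headers regardless of how the data was divided into records.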

Updated

5 years ago
tracking-firefox10: ? → -
(Reporter)

Comment 10

4 years ago
No longer a bug, working fine now.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Tech Evangelism Graveyard