Redirect loop on one page (maybe more, but not all pages) on sap.com with browsers that implement new anti-chosen-plaintext-attack mitigations

RESOLVED WORKSFORME

Status

Product: Tech Evangelism Graveyard
Component: English US
Priority: P1
Severity: minor
Status: RESOLVED WORKSFORME
6 years ago
2 years ago

People

(Reporter: flod, Unassigned)

Tracking

Version: unspecified
Keywords: regression

(Reporter)

Description

6 years ago
When trying to visit the URL https://www.sap.com/campaign/2010_curr_sap_crystal_reports_2008/index.epx?kNtBzmUK9zU, I get the error "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."

Build ID: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111011 Firefox/10.0a1

I can visit that page without problems with Firefox 7.0, Safari or Chrome on the same Mac. Tried also with a fresh new profile without changes.
(Reporter)

Comment 1

6 years ago
Some more details.

Works with: 
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111007 Firefox/10.0a1

Doesn't work with: 
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111008 Firefox/10.0a1

Comment 2

6 years ago
confirming with Mozilla/5.0 (Windows NT 6.1; rv:10.0a1) Gecko/20111011 Firefox/10.0a1 SeaMonkey/2.7a1
Component: General → General
OS: Mac OS X → All
Product: Firefox → Core
QA Contact: general → general

Comment 3

6 years ago
Looks like the range is http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c3a50afc2243&tochange=6c780dcb4b99 but nothing jumps out at me there...

Comment 4

6 years ago
Ah, maybe the NSS upgrade?

Comment 5

6 years ago
Yep, hg bisect confirms that.

Requesting tracking for this regression.
Assignee: nobody → nobody
Blocks: 669061
tracking-firefox10: --- → ?
Component: General → Libraries
Keywords: regression
Product: Core → NSS
QA Contact: general → libraries
Version: Trunk → trunk

Comment 6

6 years ago
The same problem occurs with Google Chrome Canary: Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

I will investigate it more thoroughly Friday. This is probably related to the 1/(n-1) record splitting implemented in bug 665814.
Assignee: nobody → bsmith

Comment 7

6 years ago
Yes, it's 1/n-1 record splitting. This is a WontFix from Chrome; the site will have to be fixed.

(Brian: the current list of known broken things is Brocade SSL terminators (at least some of them) and lighttpd < 1.4.27)

Comment 8

6 years ago
See bug 69820 comment 6 for an explanation.
Assignee: bsmith → english-us
Severity: normal → critical
Component: Libraries → English US
Priority: -- → P1
Product: NSS → Tech Evangelism
QA Contact: libraries → english-us
Hardware: x86 → All
Summary: Redirect loop visiting sap.com page → sap.com uses broken SSL implementation incompatible with new anti-chosen-plaintext-attack mitigations in browsers
Whiteboard: [server-has-broken-TLS-implementation]
Target Milestone: --- → Nov
Version: trunk → unspecified

Comment 9

6 years ago
Just to clarify: the broken code on the server side is most likely
not the SSL library but rather some code *above* SSL.  So
"broken SSL implementation" is a little misleading.

All SSL libraries should be able to handle an application_data
record containing one byte of data.  Most likely, some higher-layer
code does not handle a partial read from SSL correctly.
Summary: sap.com uses broken SSL implementation incompatible with new anti-chosen-plaintext-attack mitigations in browsers → Redirect loop on one page (maybe more, but not all pages) on sap.com with browsers that implement new anti-chosen-plaintext-attack mitigations
Whiteboard: [server-has-broken-TLS-implementation]
Severity: critical → minor
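
The failure mode comment 9 describes, as an added sketch that is not code from NSS, Chrome, or the affected server: with 1/(n-1) record splitting the first application_data record carries one byte, so a handler that treats one read as one whole request sees only `G`. All names and the sample request are constructed, and `RecordStream` is a hypothetical stand-in for an SSL read call.

```python
# Added illustration; all names and the sample request are constructed.

REQUEST = b"GET /page HTTP/1.1\r\nHost: example.test\r\n\r\n"


def split_1_n_minus_1(plaintext):
    """Plaintext of the records a client sends with 1/(n-1) splitting."""
    if len(plaintext) <= 1:
        return [plaintext]
    return [plaintext[:1], plaintext[1:]]


class RecordStream:
    """Stand-in for an SSL read call: one read never spans two records."""

    def __init__(self, records):
        self._records = list(records)

    def read(self, max_bytes=4096):
        if not self._records:
            return b""  # peer closed the connection
        record = self._records.pop(0)
        if len(record) > max_bytes:
            self._records.insert(0, record[max_bytes:])
        return record[:max_bytes]


def parse_request_line(raw):
    line = raw.split(b"\r\n", 1)[0].decode("ascii")
    method, target, _version = line.split(" ")
    return method, target


def naive_handler(stream):
    """Broken: assumes the first read holds the whole request."""
    try:
        return parse_request_line(stream.read())
    except ValueError:
        return None  # b"G" alone does not parse as a request line


def buffering_handler(stream):
    """Correct: keep reading until the header terminator arrives."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = stream.read()
        if not chunk:
            return None  # connection closed before the headers ended
        buf += chunk
    return parse_request_line(buf)
```

The naive handler works when the request arrives in one record and fails only once the client splits it, which matches the regression appearing with the NSS upgrade while older browsers kept working.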

Updated

6 years ago
tracking-firefox10: ? → -
(Reporter)

Comment 10

4 years ago
No longer a bug; working fine now.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Tech Evangelism Graveyard