Last Comment Bug 693925 - Redirect loop on one page (maybe more, but not all pages) on sap.com with browsers that implement new anti-chosen-plaintext-attack mitigations
: Redirect loop on one page (maybe more, but not all pages) on sap.com with bro...
Status: RESOLVED WORKSFORME
: regression
Product: Tech Evangelism Graveyard
Classification: Graveyard
Component: English US (show other bugs)
: unspecified
: All All
P1 minor
: Nov
Assigned To: english-us
:
:
Mentors:
https://www.sap.com/campaign/2010_cur...
Depends on:
Blocks: 669061
  Show dependency treegraph
 
Reported: 2011-10-12 00:16 PDT by Francesco Lodolo [:flod]
Modified: 2015-04-19 23:39 PDT (History)
8 users (show)
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description User image Francesco Lodolo [:flod] 2011-10-12 00:16:40 PDT
When trying to visit the URL https://www.sap.com/campaign/2010_curr_sap_crystal_reports_2008/index.epx?kNtBzmUK9zU, I get the error "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."

Build ID: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111011 Firefox/10.0a1

I can visit that page without problems with Firefox 7.0, Safari or Chrome on the same Mac. Tried also with a fresh new profile without changes.
Comment 1 User image Francesco Lodolo [:flod] 2011-10-12 00:28:15 PDT
Some more details.

Works with: 
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111007 Firefox/10.0a1

Doesn't work with: 
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111008 Firefox/10.0a1
Comment 2 User image Matthias Versen [:Matti] 2011-10-13 15:46:43 PDT
confirming with Mozilla/5.0 (Windows NT 6.1; rv:10.0a1) Gecko/20111011 Firefox/10.0a1 SeaMonkey/2.7a1
Comment 3 User image Boris Zbarsky [:bz] (still a bit busy) 2011-10-13 20:26:43 PDT
Looks like the range is http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c3a50afc2243&tochange=6c780dcb4b99 but nothing jumps out at me there...
Comment 4 User image Boris Zbarsky [:bz] (still a bit busy) 2011-10-13 21:57:41 PDT
Ah, maybe the NSS upgrade?
Comment 5 User image Boris Zbarsky [:bz] (still a bit busy) 2011-10-13 23:17:59 PDT
Yep, hg bisect confirms that.

Requesting tracking for this regression.
Comment 6 User image Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2011-10-14 01:24:23 PDT
The same problem occurs with Google Chrome Canary: Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

I will investigate it more thoroughly Friday. This is probably related to the 1/(n-1) record splitting implemented in bug 665814.
Comment 7 User image Adam Langley 2011-10-14 07:24:37 PDT
Yes, it's 1/n-1 record splitting. This is a WontFix from Chrome; the site will have to be fixed.

(Brian: the current list of known broken things are Brocade SSL terminators (at least some of them) and lighttpd < 1.4.27)
Comment 8 User image Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2011-10-29 13:30:55 PDT
See bug 69820 comment 6 for an explanation.
Comment 9 User image Wan-Teh Chang 2011-10-29 16:25:04 PDT
Just to clarify: the broken code on the server side is most likely
not the SSL library but rather some code *above* SSL.  So
"broken SSL implementation" is a little misleading.

All SSL libraries should be able to handle an application_data
record containing one byte of data.  Most likely, some higher-layer
code does not handle a partial read from SSL correctly.
Comment 10 User image Francesco Lodolo [:flod] 2013-06-28 23:26:03 PDT
No more a bug, working fine now.

Note You need to log in before you can comment on or make changes to this bug.