Closed Bug 693925 Opened 9 years ago Closed 8 years ago
Redirect loop on one page (maybe more, but not all pages) on sap.com with browsers that implement new anti-chosen-plaintext-attack mitigations
When trying to visit the URL https://www.sap.com/campaign/2010_curr_sap_crystal_reports_2008/index.epx?kNtBzmUK9zU, I get the error "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."
Build ID: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111011 Firefox/10.0a1
I can visit that page without problems with Firefox 7.0, Safari or Chrome on the same Mac. Tried also with a fresh new profile without changes.
Some more details.
Works with: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111007 Firefox/10.0a1
Doesn't work with: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a1) Gecko/20111008 Firefox/10.0a1
confirming with Mozilla/5.0 (Windows NT 6.1; rv:10.0a1) Gecko/20111011 Firefox/10.0a1 SeaMonkey/2.7a1
OS: Mac OS X → All
Product: Firefox → Core
QA Contact: general → general
Looks like the range is http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c3a50afc2243&tochange=6c780dcb4b99 but nothing jumps out at me there...
Ah, maybe the NSS upgrade?
Yep, hg bisect confirms that. Requesting tracking for this regression.
The same problem occurs with Google Chrome Canary: Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects. I will investigate it more thoroughly Friday. This is probably related to the 1/(n-1) record splitting implemented in bug 665814.
Assignee: nobody → bsmith
Yes, it's 1/n-1 record splitting. This is a WontFix from Chrome; the site will have to be fixed. (Brian: the current list of known broken things is Brocade SSL terminators (at least some of them) and lighttpd < 1.4.27)
See bug 69820 comment 6 for an explanation.
Assignee: bsmith → english-us
Severity: normal → critical
Component: Libraries → English US
Priority: -- → P1
Product: NSS → Tech Evangelism
QA Contact: libraries → english-us
Hardware: x86 → All
Summary: Redirect loop visiting sap.com page → sap.com uses broken SSL implementation incompatible with new anti-chosen-plaintext-attack mitigations in browsers
Target Milestone: --- → Nov
Version: trunk → unspecified
Just to clarify: the broken code on the server side is most likely not the SSL library but rather some code *above* SSL. So "broken SSL implementation" is a little misleading. All SSL libraries should be able to handle an application_data record containing one byte of data. Most likely, some higher-layer code does not handle a partial read from SSL correctly.
Summary: sap.com uses broken SSL implementation incompatible with new anti-chosen-plaintext-attack mitigations in browsers → Redirect loop on one page (maybe more, but not all pages) on sap.com with browsers that implement new anti-chosen-plaintext-attack mitigations
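The partial-read failure described in the comment above, as an added example that is not code from the bug, from NSS, or from the affected site. It models a TLS connection as a stream whose recv() returns data from at most one record, and compares a reader that assumes one read delivers the whole request head with one that keeps reading; RecordStream, both read_head_* functions and the sample request are hypothetical names and constructed data.

```python
# Added example; names and sample data are constructed, not taken from the bug.
REQUEST = b"GET /index.epx HTTP/1.1\r\nHost: server.example\r\n\r\n"


def split_1_n_minus_1(plaintext):
    """Plaintext carried by each record when the sender uses 1/(n-1) splitting."""
    return [plaintext[:1], plaintext[1:]] if len(plaintext) > 1 else [plaintext]


class RecordStream:
    """Stand-in for a TLS connection: recv() returns data from at most one record."""

    def __init__(self, records):
        self._records = [r for r in records if r]

    def recv(self, bufsize):
        if not self._records:
            return b""  # peer closed
        record = self._records.pop(0)
        if len(record) > bufsize:  # keep the unread tail for the next call
            self._records.insert(0, record[bufsize:])
        return record[:bufsize]


def read_head_naive(conn):
    """Fragile: assumes a single read delivers the whole request head."""
    data = conn.recv(4096)
    return data if data.endswith(b"\r\n\r\n") else None


def read_head_robust(conn, limit=65536):
    """Read until the head terminator arrives, the peer closes, or limit is hit."""
    buf = bytearray()
    while b"\r\n\r\n" not in buf:
        chunk = conn.recv(4096)
        if not chunk:
            return None  # connection ended before a complete head arrived
        buf += chunk
        if len(buf) > limit:
            raise ValueError("request head exceeds limit")
    return bytes(buf)


if __name__ == "__main__":
    split = split_1_n_minus_1(REQUEST)
    print("naive, unsplit:", read_head_naive(RecordStream([REQUEST])) == REQUEST)
    print("naive, split  :", read_head_naive(RecordStream(split)))
    print("robust, split :", read_head_robust(RecordStream(split)) == REQUEST)
```

The naive reader only works while the peer happens to put the whole head in one record; the robust reader gives the same result for any record boundaries and bounds how much it will buffer.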
No longer a bug, working fine now.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Tech Evangelism Graveyard