Closed
Bug 726329
Opened 13 years ago
Closed 13 years ago
32-bit Checkpoint VPN server no longer works in Firefox 10
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 702111
People
(Reporter: Techx616, Unassigned)
Details
Attachments
(1 file)
|
23.05 KB,
image/png
|
Details |
FirefoxError.PNG
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
Build ID: 20120208060813
Steps to reproduce:
Went to our company's Checkpoint VPN page. When I got there I clicked Add exception, then confirm.
Actual results:
Was redirected to an error page saying "Connection Reset."
Expected results:
I should have been redirected to the VPN portal that runs on our servers. I would like to say this is definitely not a client side problem, no settings have changed, the network has not been changed and it is still accessible from other browsers.
|
||
Comment 1•13 years ago
|
||
I bet yet another user-agent sniffing can't deal with 2 digit major version numbers.
|
||
Comment 2•13 years ago
|
||
Did this work with FF9 ?
If it worked try this :
open "about:config" (without the quotes), confirm the warning, right click somewhere in the list and select new->string, enter "general.useragent.override" and as value "Mozilla/5.0 (Windows NT 6.1; rv:9.0) Gecko/20100101 Firefox/9.0" (all without quotes).
Don't forget the remove that setting after testing !
Just click in the added entry in the about:config list and select "reset".
|
Reporter | |
Comment 3•13 years ago
|
||
Still did not work with that setting in the about:config. I received the same error message. Also, just checked the error console and there is nothing in there either.
|
|
||
Comment 4•13 years ago
|
||
This is a https page ?
try this:
close Firefox, open a commandline prompt (windows: start/run/cmd), use the command "set NSS_SSL_CBC_RANDOM_IV=0" (without the quotes), change to the firefox directory from within this commandline prompt and start Firefox -> "cd \Program Files\Mozilla Firefox" , "firefox.exe".
Now test from again with this opened Firefox.
(i suspect bug 702111)
|
|
Reporter | |
Comment 5•13 years ago
|
||
It worked this time, thank you greatly for your help. This will prevent hundreds of employees from being locked out of doing their jobs. Is running this command once a permanent fix?
|
|
||
Comment 6•13 years ago
|
||
This is basically not a fix, it's only a workaround for a bug in your Checkpoint VPN server
I will try to explain the whole story behind this.
There is an attack for https connections called "beast attack".
A counter action is to put only 1 byte of the data in the first packet of the connection and everything else in the following packets.
This is and was always legal but some applications have a bug that you always see with this splitting. You can hit the same bug but very infrequently without this splitting.
Setting this environment variable disables this splitting feature in Gecko/Firefox as long as it's set.
You can of course add this env variable as global variable to your windows systems
but for a permanent fix you have to get a fix for your VPN server software that displays the https page.
Using comment#4 is no permanent fix. The environment variable is only valid for the Firefox.exe that is launched from this commandline prompt.
You can set either a global enviroment variable -> http://searchsystemschannel.techtarget.com/feature/Setting-Windows-7-environment-variables or use a batch file that sets the variable and launches Firefox.
BTW: IE, Chrome and AFAIK Opera are using the same splitting now
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•