Closed Bug 726329 Opened 12 years ago Closed 12 years ago

32-bit Checkpoint VPN server no longer works in Firefox 10

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
10 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 702111

People

(Reporter: Techx616, Unassigned)

Details

Attachments

(1 file)

FirefoxError.PNG
23.05 KB, image/png
Details
Attached image FirefoxError.PNG 
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
Build ID: 20120208060813

Steps to reproduce:

Went to our company's Checkpoint VPN page.  When I got there I clicked Add exception, then confirm.


Actual results:

Was redirected to an error page saying "Connection Reset."


Expected results:

I should have been redirected to the VPN portal that runs on our servers.  I would like to say this is definitely not a client side problem, no settings have changed, the network has not been changed and it is still accessible from other browsers.
I bet yet another user-agent sniffing can't deal with 2 digit major version numbers.
Did this work with FF9 ?
If it worked try this : 
open "about:config" (without the quotes), confirm the warning, right click somewhere in the list and select new->string, enter "general.useragent.override" and as value "Mozilla/5.0 (Windows NT 6.1; rv:9.0) Gecko/20100101 Firefox/9.0" (all without quotes).

Don't forget the remove that setting after testing !
Just click in the added entry in the about:config list and select "reset".
Still did not work with that setting in the about:config.  I received the same error message.  Also, just checked the error console and there is nothing in there either.
This is a https page ?
try this:
close Firefox, open a commandline prompt (windows: start/run/cmd), use the command "set NSS_SSL_CBC_RANDOM_IV=0" (without the quotes), change to the firefox directory from within this commandline prompt and start Firefox -> "cd \Program Files\Mozilla Firefox" , "firefox.exe".

Now test from again with this opened Firefox.
(i suspect bug 702111)
It worked this time, thank you greatly for your help.  This will prevent hundreds of employees from being locked out of doing their jobs.  Is running this command once a permanent fix?
This is basically not a fix, it's only a workaround for a bug in your Checkpoint VPN server

I will try to explain the whole story behind this.
There is an attack for https connections called "beast attack".
A counter action is to put only 1 byte of the data in the first packet of the connection and everything else in the following packets.

This is and was always legal but some applications have a bug that you always see with this splitting. You can hit the same bug but very infrequently without this splitting.

Setting this environment variable disables this splitting feature in Gecko/Firefox as long as it's set.
You can of course add this env variable as global variable to your windows systems
but for a permanent fix you have to get a fix for your VPN server software that displays the https page.
Using comment#4 is no permanent fix. The environment variable is only valid for the Firefox.exe that is launched from this commandline prompt.
You can set either a global enviroment variable -> http://searchsystemschannel.techtarget.com/feature/Setting-Windows-7-environment-variables or use a batch file that sets the variable and launches Firefox.

BTW: IE, Chrome and AFAIK Opera are using the same splitting now
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: