Closed
Bug 937555
Opened 11 years ago
Closed 10 years ago
[amo] HTTPS error on https://addons.mozilla.org/ when rc4 disabled (ssl_error_bad_mac_read)
Categories
(Cloud Services :: Operations: Marketplace, task, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: steffen.wilberg, Assigned: jason)
References
()
Details
Attachments
(2 files)
ssl-error-nightly-20131123.png
https://addons.mozilla.org/ shows an HTTPS error when the RC4 ciphers are disabled. 1. Go to about:config and disable all RC4 ciphers (because the NSA is said to be able to decrypt RC4 in realtime) by filtering for 'rc4' and double-clicking all entries to disable them. 2. Go to https://addons.mozilla.org/ Result: Firefox connects with SSL_RSA_WITH_3DES_EDE_CBC_SHA, View Source of the actual page is available as well, but an SSL error is shown instead of the page: ssl_error_bad_mac_read
|
Reporter | |
Updated•11 years ago
|
|
|
Reporter | |
Comment 1•11 years ago
|
||
The bug occurs with the default setting (in Firefox 25) of security.tls.version.max (1). If I set this pref to 3 (to enable TLS 1.2), the page loads just fine even with the RC4 ciphers disabled.
|
||
Updated•11 years ago
|
Assignee: server-ops-webops → server-ops-amo
Component: WebOps: Other → Server Operations: AMO Operations
Product: Infrastructure & Operations → mozilla.org
QA Contact: nmaul → oremj
|
||
Comment 2•11 years ago
|
||
I can reproduce, but it's erratic. I attached a packet capture that shows the error in packet 20, when Firefox sends an ENCRYPTED ALERT back to AMO. This happens with 3DES and AES-256-CBC but only in TLS1.0. With TLS1.1 and TLS1.2 enabled in Firefox, the issue doesn't appear anymore.
|
||
Comment 3•11 years ago
|
||
I can reproduce this the following way: Set security.ssl3.rsa_rc4_128_sha to false and security.tls.version.max to 3. This way I always get a ssl_error_rx_malformed_server_key_exch both on 25.0.1 and on latest nightly 20131123 (there tls.max is already 3). If I disable the mentioned cipher in nightly and downgrade tls.max to 2, it connects fine again with TLS_DHE_RsA_WITH_AES_256_CBC_SHA. So it may be related to TLS 1.2? As Steffen said, you can view the actual page source, but for me the page info states that the connection was indeed NOT encrypted.
The issue changed from Firefox 25.0.0 to 25.0.1 Version 25.0.0: In the original post from Steffen, Firefox shows the error message "ssl_error_bad_mac_read" when you go to https://addons.mozilla.org/ -> changing the TLS parameters as Steffen described in his 2nd post fixed that issue. The site worked again. I was able to reproduce this (Desktop and Mobile) Version 25.0.1: https://addons.mozilla.org/ now shows a different error message and the "changed" parameters haven't been fixing the issue any more (or lead to a new issue). New error message as described by Klemens "ssl_error_rx_malformed_server_key_exch" I'm able to reproduce this as well (Desktop and Mobile). If you have a look in the version history of 25.0.1 something has been changed in the encryption-functionality of Firefox, maybe the new issue is related to that? See: https://www.mozilla.org/security/announce/2013/mfsa2013-103.html
|
|
Reporter | |
Comment 5•11 years ago
|
||
Testing Firefox 25.0.0 25.0.1 or Nightly doesn't make a difference when using the same settings. Some changes were made on the server side apparently. It's now broken the other way round: Having the RC4 ciphers disabled, it works with TLS 1.0, but is broken with TLS 1.2: I disable the RC4 ciphers as before (by filtering for "rc4" in about:config and setting all prefs to false). TLS 1.0 works: If I leave security.tls.version.max at the default value of the release version, which is still 1 (meaning TLS 1.0), or manually set that value in Nightly, I can load the site just fine with TLS_DHE_RSA_WITH_AES_256_CBC_SHA. I couldn't in comment 0. TLS 1.2 broken: However, If I set security.tls.version.max to 3 (or leave the default value in Nightly, which is 3 already), I now get a "ssl_error_rx_malformed_server_key_exch" error (as mentioned by Klemens in comment 3). In comment 1, I could still connect with those settings. With TLS 1.2, I can now only load the site if I reenable the RC4 ciphers; the connection is made using SSL_RSA_WITH_RC4_128_SHA. (Regarding being able to View Source in comment 0: It looks like that was a cached copy. If I press Ctrl+F5 to bypass the page, View Source displays the SSL error page as well.)
|
|
||
Comment 6•11 years ago
|
||
(In reply to Steffen Wilberg from comment #5) > (Regarding being able to View Source in comment 0: It looks like that was a > cached copy. If I press Ctrl+F5 to bypass the page, View Source displays the > SSL error page as well.) You are right, View Source does show the same behaviour when deleting cache beforehand.
(In reply to Steffen Wilberg from comment #5) > Some changes were made on the server side apparently. It's now broken the Hi Steffen, you're probably right. So this forum isn't the right place to address this issue, right? Do you know by chance a good contact-address (e.g. mozilla server admin), where I can raise this issue? Maybe they see the issue in the logs, but why not give them a hint?
|
||
Comment 8•11 years ago
|
||
(In reply to matze112 from comment #7) > Hi Steffen, you're probably right. So this forum isn't the right place to > address this issue, right? It is (AFAIK), see product/category above.
|
Assignee | |
Comment 11•11 years ago
|
||
Thanks for the report and information. We are experiencing issues with TLS_DHE_RSA_WITH_AES_256_CBC_SHA and TLS_DHE_RSA_WITH_AES_128_CBC_SHA ciphers when connecting with TLS V1.2. We have temporarily disabled these until we get more information regarding this issue from our vendor. Thank you for your patience in this matter.
|
|
Assignee | |
Updated•11 years ago
|
Assignee: server-ops-amo → jthomas
|
||
Comment 12•11 years ago
|
||
(In reply to Jason Thomas [:jason] from comment #11) > Thanks for the report and information. > > We are experiencing issues with TLS_DHE_RSA_WITH_AES_256_CBC_SHA and > TLS_DHE_RSA_WITH_AES_128_CBC_SHA ciphers when connecting with TLS V1.2. > > We have temporarily disabled these until we get more information regarding > this issue from our vendor. Thank you for your patience in this matter. Now, Firefox enabling TLS 1.2 and disabling RC4 ciphers can connect to AMO using TLS_RSA_WITH_AES_256_CBC_SHA.
|
||
Updated•10 years ago
|
Priority: -- → P2
|
|
||
Updated•10 years ago
|
Summary: HTTPS error on https://addons.mozilla.org/ when rc4 disabled (ssl_error_bad_mac_read) → [amo] HTTPS error on https://addons.mozilla.org/ when rc4 disabled (ssl_error_bad_mac_read)
|
|
||
Updated•10 years ago
|
Component: Server Operations: AMO Operations → Operations: Marketplace
Product: mozilla.org → Mozilla Services
Version: other → unspecified
|
|
Assignee | |
Comment 16•10 years ago
|
||
We recently upgraded our Load Balancer software which included fixes to TLS 1.2. Below are the cipher suites enabled on addons.mozilla.org. ./cipherscan addons.mozilla.org ...... prio ciphersuite protocols pfs_keysize 1 DHE-RSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 DH,1024bits 2 DHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 DH,1024bits 3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 4 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 5 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 Thanks everyone for your reports and patience.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•