Closed Bug 968449 Opened 10 years ago Closed 8 years ago

ssl_error_illegal_parameter_alert occurring intermittently starting with Firefox 26 *without* Kaspersky installed

Categories: Core :: Security: PSM, defect
Platform: x86_64 Windows 7
Type: defect
Priority: Not set
Severity: normal
Status: RESOLVED WORKSFORME
People: Reporter: briansmith, Unassigned
Keywords: regression

+++ This bug was initially created as a clone of Bug #951156 +++

This seems to be a regression in Firefox 26. The bug for issues related to Kaspersky is bug 951156. This bug is about resolving the issues that have the same symptoms without Kaspersky installed. From bug 951156, it seems like SNI may have some influence on this. Did we remove the pref that disables SNI in Firefox 26?

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release)
Build ID: 20131205075310

Steps to reproduce:

Opened new tab to HTTPS://www.google.co.uk 

Am using an add-on NewTabURL that's set to the above address - and this has been working without the issue for the last 18 months.  The issue has only just started to happen with 


Actual results:

ssl_error_illegal_parameter_alert intermittently - doing a page refresh most times works


Expected results:

Just opened the page
I can confirm that this bug is still present in Firefox 27 (previously experienced in Firefox 26). First noticed in secure pages (admin) of our website, https://dannytherockman.com (https not accessible without an account except login and registration pages), and also reported by several customers on the store front when logged in to their secure accounts. We have seen this error on a few other websites including Facebook and the US Postal Service website.

Pages load correctly most of the time, but seemingly at random we get the ssl_error_illegal_parameter_alert. This occurs when clicking links between pages, most commonly when obtaining product or customer database search results, or (sometimes) when refreshing a page. Once the error occurs, refreshing the page usually allows the page to load correctly, but it may take up to ten or more refreshes of the page to clear it in some cases. Though it may not be connected, some images served over https fail to load when the rest of the page loads as expected.

We have seen this issue with Firefox 26/27 on Mac OS X (lion) and Windows 7 (64 bit) both with and without Avast Antivirus free edition. Mac OS, Windows, and Avast all had the latest updates when the bug occurred (most recently today).
I'm getting this on my personal site:

https://www.zigg.com/

Both with Squid and without.  Firefox 28.0, OS X 10.9.2.

The Squid log for a failure is interesting:

xxxxxxxxxx.xxx    116 127.0.0.1 TCP_MISS/200 7 CONNECT www.zigg.com:443 - HIER_DIRECT/69.73.131.21 -

Only 7 bytes?
Might it be because both my site and dannytherockman.com don't support any form of TLS, but stop at SSLv3?

cf. https://www.ssllabs.com/ssltest/
Hello,

I can confirm the problem is with TLS usage.

Our user has reported this problem for 2-3 days. Maybe it is caused by a Debian Apache update.

The following error message is reported on CTRL-F5 (Reload) - first access OK, reload=error, reload=OK, reload=error ...

--------------------------------------------------
Secure Connection Failed

An error occurred during a connection to WWW.DOMAIN.COM. SSL peer rejected a handshake message for unacceptable content. (Error code: ssl_error_illegal_parameter_alert)
--------------------------------------------------


I have activated debugging on Apache and I can see the following SSL messages during negotiation. First access (no error):

--------------------------------------------------
[Thu Jul 17 09:04:45 2014] [debug] ssl_engine_kernel.c(2008): [client 172.25.56.30] SSL virtual host for servername WWW.DOMAIN.COM found
[Thu Jul 17 09:04:45 2014] [debug] ssl_engine_kernel.c(1895): OpenSSL: Loop: SSLv3 read client hello A
[Thu Jul 17 09:04:45 2014] [debug] ssl_engine_kernel.c(1895): OpenSSL: Loop: SSLv3 write server hello A
[Thu Jul 17 09:04:45 2014] [debug] ssl_engine_kernel.c(1895): OpenSSL: Loop: SSLv3 write certificate A
[Thu Jul 17 09:04:45 2014] [debug] ssl_engine_kernel.c(1298): [client 172.25.56.30] handing out temporary 256 bit ECC key
[Thu Jul 17 09:04:45 2014] [info] Connection: Client IP: 172.25.56.30, Protocol: SSLv3, Cipher: ECDHE-RSA-AES128-SHA (128/128 bits)
--------------------------------------------------

But during reload the negotiation fails:

--------------------------------------------------
[Thu Jul 17 09:04:45 2014] [info] [client 172.25.56.30] SSL library error 1 in handshake (server WWW.DOMAIN.COM:443)
[Thu Jul 17 09:04:45 2014] [info] SSL Library Error: 336109783 error:1408A0D7:SSL routines:SSL3_GET_CLIENT_HELLO:required cipher missing
[Thu Jul 17 09:04:45 2014] [info] [client 172.25.56.30] Connection closed to child 2 with abortive shutdown (server WWW.DOMAIN.COM:443)
--------------------------------------------------

Our Apache is configured with "SSLProtocol All -TLSv1.1 -TLSv1.2 -TLSv1" because some clients have had problems with the connection. This means Apache uses SSL only.

The problem is probably, as written in http://kb.mozillazine.org/Security.tls.version.* 

"There is currently no fallback from TLS 1.1/1.2 to earlier protocols. Thus, selecting security.tls.version.max = 2 (or 3) for TLS 1.1 (or 1.2) support results in the connection failing when the server connected to doesn't support that version. Once the fallback is implemented, the default for security.tls.version.max will be changed to 3 to utilize the most recent TLS 1.2 version by default. "

BTW: The page says the default for security.tls.version.max is "1", but in my Firefox 30.0 the default for max is "3".

IMHO the additional problem is that the fallback from TLS1.0 to SSL3 does not work either.

If I set security.tls.version.max to 0 same as security.tls.version.min, I can reload page without any error.

If I keep security.tls.version.max to 3 and security.tls.version.min to 0, and I allow TLS protocols in apache, I can reload page without any error too.

I am not sure whether this is a bug (Apache or Firefox) or not. Microsoft IE and Chrome can reload without this error.


Regards,

Robert Wolf.
Please see bug 1042520 comment 11. Some of this problem is probably caused by problems in the network or Firefox mis-interpreting a page load cancellation as a network problem, causing Firefox to try to do non-secure downgrade to SSL 3.0. Then, when Firefox tries to talk SSL 3.0 with the server, there's something that the server doesn't like. But, if you read bug 1042520 comment 11 you'll see that Firefox is going to disable SSL 3.0 support and the non-secure fallback to SSL 3.0. Thus, I suspect that this problem will go away, but if you have an SSL-3.0-only server, you'll have to do something to keep Firefox working. Note that Google Chrome announced that they are also planning to disable SSL 3.0.
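The version negotiation described in the two comments above (Robert Wolf's SSLv3-only Apache configuration and Firefox's security.tls.version.min/max prefs, then Brian Smith's explanation of the non-secure downgrade to SSL 3.0) can be modelled in a few lines. The following is an added worked example, not code from this bug, from Firefox or from Apache. It assumes the pref mapping of that era (0 = SSL 3.0, 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2), leaves SSLv2 out of the SSLProtocol model, and represents the fallback trigger as a count of simulated network errors; the helper names are the example's own.

```python
"""Model of TLS version negotiation between an Apache SSLProtocol directive
(server side) and Firefox's security.tls.version.min/max prefs (client side),
plus the non-secure fallback in which the client retries one version lower
after a network error. Constructed example; not Firefox or Apache code.
"""

# Protocol versions from oldest to newest. The list index doubles as the
# Firefox security.tls.version.{min,max} pref value of that era
# (0 = SSL 3.0, 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2).
VERSIONS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]


def parse_sslprotocol(directive):
    """Evaluate an Apache mod_ssl SSLProtocol line into the set of enabled
    versions. Tokens apply left to right: 'All' or a bare/'+'-prefixed name
    enables, a '-'-prefixed name disables. SSLv2 is not modelled here
    (simplification for this example)."""
    tokens = directive.split()
    if tokens and tokens[0].lower() == "sslprotocol":
        tokens = tokens[1:]
    enabled = set()
    for tok in tokens:
        sign = "+"
        if tok[0] in "+-":
            sign, tok = tok[0], tok[1:]
        if tok.lower() == "all":
            names = set(VERSIONS)
        else:
            # Exact, case-insensitive match so that '-TLSv1' does not also
            # disable 'TLSv1.1' or 'TLSv1.2'.
            names = {v for v in VERSIONS if v.lower() == tok.lower()}
            if not names:
                raise ValueError("unknown protocol %r" % tok)
        if sign == "+":
            enabled |= names
        else:
            enabled -= names
    return enabled


def negotiate(server_versions, client_min, client_max):
    """One handshake attempt. The client advertises client_max, the server
    picks the highest version it supports that is <= client_max, and the
    client accepts only if that version is >= client_min.
    Returns the agreed version name or None."""
    if client_min > client_max:
        raise ValueError("security.tls.version.min above security.tls.version.max")
    candidates = [i for i, v in enumerate(VERSIONS)
                  if v in server_versions and i <= client_max]
    if not candidates:
        return None
    chosen = max(candidates)
    return VERSIONS[chosen] if chosen >= client_min else None


def connect_with_fallback(server_versions, client_min, client_max, network_errors):
    """Model of the non-secure fallback: every attempt that hits a (simulated)
    network error makes the client retry with its offered version one step
    lower, down to client_min. Returns (agreed_version_or_None, versions_offered)."""
    offered_log = []
    for offered in range(client_max, client_min - 1, -1):
        offered_log.append(VERSIONS[offered])
        if network_errors > 0:
            network_errors -= 1          # this attempt "failed"; downgrade and retry
            continue
        return negotiate(server_versions, client_min, offered), offered_log
    return None, offered_log


if __name__ == "__main__":
    ssl3_only = parse_sslprotocol("SSLProtocol All -TLSv1.1 -TLSv1.2 -TLSv1")
    everything = parse_sslprotocol("SSLProtocol All")
    print("server enables:", sorted(ssl3_only))                 # SSLv3 only
    print("min=0 max=3 vs SSLv3-only server:", negotiate(ssl3_only, 0, 3))
    print("min=1 max=3 vs SSLv3-only server:", negotiate(ssl3_only, 1, 3))
    print("min=0 max=0 vs SSLv3-only server:", negotiate(ssl3_only, 0, 0))
    print("min=0 max=3 vs TLS-capable server:", negotiate(everything, 0, 3))
    # One spurious error per attempt walks a TLS 1.2-capable connection down to SSL 3.0.
    print("fallback, min=0, three errors:", connect_with_fallback(everything, 0, 3, 3))
    # With min=1 the client refuses to go below TLS 1.0, whatever the server offers.
    print("fallback, min=1, three errors:", connect_with_fallback(everything, 1, 3, 3))
```

The model stops at protocol agreement: it reproduces the first access in Robert's log (Protocol: SSLv3 with min=0, max=3), the failure once the client's minimum is raised above SSL 3.0, and the two working configurations he lists (min=max=0, or TLS re-enabled in Apache). It does not attempt to explain the "required cipher missing" alert on reload. The `connect_with_fallback` runs show the risk Brian's comment refers to: with min=0, a handful of misread network errors is enough for a client and server that both support TLS 1.2 to end up on SSL 3.0, which is why removing the fallback and SSL 3.0 support closes the issue.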
I am having this exact problem. I have a plain install of Firefox on Mac OS X Yosemite and no additional security software on either the computer or the network. Attempting to visit https://payment.cobbwater.org/cwa/p_template throws the following error:

An error occurred during a connection to payment.cobbwater.org. SSL peer rejected a handshake message for unacceptable content. (Error code: ssl_error_illegal_parameter_alert) 

I have tried to access that site using several different computers running Firefox and the problem happens on every one of them, regardless of whether the machine in question is running Mac OS or Windows. Accessing the site under any other browser works just fine. This is very clearly a problem with Firefox.
SSL 3.0 has been removed. If anyone is experiencing this issue with recent versions of Firefox, please open a new bug.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME