Closed Bug 969891 Opened 11 years ago Closed 11 years ago

AMO sometimes requires MD5 enabled in the browser

Categories

(Cloud Services :: Operations: Marketplace, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 937555

People

(Reporter: msharov, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0 (Beta/Release) Build ID: 20131118194756 Steps to reproduce: RC4 and MD5 are currently believed to be insecure, so in about:config I have set security.ssl3.rsa_rc4_128_md5 and _sha to false. Actual results: The browser randomly displays MAC error ssl_error_bad_mac_read while accessing the site directly or just fails when using the addons dialog. This only happens sometimes (I'd guess about 1 in 4), perhaps indicating that only some of your servers are affected. Enabling rc4-md5 AND rc4-sha eliminates the problem. Strangely, having either one disabled produces the error. Expected results: Since at least some of your servers support work fine without RC4 (reloading the page eventually gets through), all servers should do so. Or, at least figure out why it's a MAC error instead of cipher negotiation failure.
Assignee: nobody → server-ops-amo
Component: Administration → Server Operations: AMO Operations
Product: addons.mozilla.org → mozilla.org
QA Contact: oremj
Version: unspecified → other
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Component: Server Operations: AMO Operations → Operations: Marketplace
Product: mozilla.org → Mozilla Services
You need to log in before you can comment on or make changes to this bug.