Bug 1151575 (Closed)
www.bbvafrances.com.ar is TLS 1.2 intolerant
Opened 10 years ago
Closed 10 years ago
Categories: Web Compatibility :: Desktop, defect
Tracking: (Not tracked)
Status: RESOLVED FIXED
People: Reporter: jbecerra, Unassigned
Details
A user reported that going to https://www.bbvafrances.com.ar/ shows an error in the latest release version 37.0.1. The previous version 36.0 still works. In addition, there isn't a user-friendly workaround in Firefox (if there is any), so he used Chrome to get to the site.
Steps:
1. Go to https://www.bbvafrances.com.ar/
Expected: You can access the site and do your banking.
Actual: You get an error:
"Secure Connection Failed
An error occurred during a connection to www.bbvafrances.com.ar. SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem."
This works on 36.0, and it is a popular bank in Argentina.
Comment 1•10 years ago
Is this related to a bunch of False Start changes that landed in 37?
Flags: needinfo?(dkeeler)
Updated•10 years ago
Component: Security → Security: PSM
Summary: banking site no longer working in 37 → banking site no longer working in 37 (ssl_error_bad_mac_read)
Comment 2•10 years ago
Looks like TLS 1.2 intolerance (after setting security.tls.version.fallback-limit to 1 in about:config, it works for me). That site also has some other issues, like supporting client-initiated renegotiation: https://www.ssllabs.com/ssltest/analyze.html?d=www.bbvafrances.com.ar&s=200.5.92.218
Flags: needinfo?(dkeeler)
Comment 3•10 years ago
OK, I can reproduce Keeler's fix. Here's the handshake I see in Wireshark when it breaks:
C->S: Client Hello
S->C: Server Hello, Certificate, Server Hello Done
C->S: Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
S->C: Change Cipher Spec
S->C: Alert
C->S: Alert
From that, it looks like the server is choking on the client's Finished message (the encrypted handshake message on line 3). Since Firefox computes the handshake in the same way regardless of preferences, this suggests pretty strongly that this is a server bug. More specifically, a bug in how IBM HTTP Server (judging by the Server header in HTTP) handles Finished messages.
I'm slightly concerned that this indicates a compatibility bug with Apache, but given that we're not seeing broader brokenness, I'm going to assume this is a more localized issue, e.g., for an old version.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
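As an added example (not part of this bug or its comments), a Python probe for the TLS 1.2 intolerance diagnosed in comments 2 and 3: it pins one handshake per protocol version with the standard-library ssl module and classifies the outcomes, the check a site operator would run instead of asking users to lower security.tls.version.fallback-limit. Host and port are parameters; the outcome labels and version list are constructed here.

```python
"""Probe a server for TLS version intolerance (the failure mode in this bug)."""
import socket
import ssl

# Highest to lowest. A server that fails at 1.2 but completes at 1.1 is
# "TLS 1.2 intolerant"; Firefox 37 surfaced that as ssl_error_bad_mac_read
# because it stopped falling back on its own.
VERSIONS = [
    ("TLS 1.2", ssl.TLSVersion.TLSv1_2),
    ("TLS 1.1", ssl.TLSVersion.TLSv1_1),
    ("TLS 1.0", ssl.TLSVersion.TLSv1),
]


def probe(host, version, port=443, timeout=5.0):
    """Attempt one handshake pinned to `version`; return an outcome string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE   # testing version tolerance, not identity
    ctx.minimum_version = version     # pin both ends so only this version is offered
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok:" + (tls.version() or "")
    except ssl.SSLError as exc:       # alert or bad record, e.g. bad MAC as in this bug
        return "ssl_error:" + (exc.reason or "unknown")
    except OSError as exc:            # timeout, reset, refused
        return "conn_error:" + type(exc).__name__


def classify(results):
    """results: {label: outcome} as returned by probe(); return a verdict string."""
    order = [label for label, _ in VERSIONS]
    ok = [v for v in order if results.get(v, "").startswith("ok")]
    bad = [v for v in order if v in results and v not in ok]
    if not bad:
        return "no version intolerance observed"
    if not ok:
        return "handshake failed at every version; not a version-intolerance signal"
    highest_ok = ok[0]
    # Intolerance means a NEWER version fails while an older one succeeds.
    failing_above = [v for v in bad if order.index(v) < order.index(highest_ok)]
    if failing_above:
        return "%s intolerant (works at %s)" % (" and ".join(failing_above), highest_ok)
    return "older versions refused, newest works: normal hardening, not intolerance"


def scan(host, port=443):
    """Run every pinned probe against host and classify the result."""
    return classify({label: probe(host, ver, port) for label, ver in VERSIONS})
```

On OpenSSL 3 builds the TLS 1.0 and 1.1 probes can fail on the client side at the default security level, so treat ssl_error at those versions as inconclusive rather than as a server fault.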
Comment 4•10 years ago
Usually we turn these into tech evangelism bugs in the hopes that we can reach out to sites and have them fix their servers.
Status: RESOLVED → REOPENED
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Resolution: INVALID → ---
Summary: banking site no longer working in 37 (ssl_error_bad_mac_read) → www.bbvafrances.com.ar is TLS 1.2 intolerant
Version: 37 Branch → unspecified
Comment 5•10 years ago
This could also be a regression from bug 940787.
Comment 6•10 years ago
(In reply to David Keeler [:keeler] (use needinfo?) from comment #2)
> That site also has some other issues, like supporting client-initiated renegotiation:
> https://www.ssllabs.com/ssltest/analyze.html?d=www.bbvafrances.com.ar&s=200.5.92.218
Wow, with results like that, I wouldn't recommend that anyone use that insecure site for banking...
Blocks: TLS-Intolerance
Comment 7•10 years ago
Works for me. SSL Labs does not report TLS 1.2 intolerance, either.
Comment 8•10 years ago
Looks like they upgraded the server. Notice that it supports secure renegotiation now.
Comment 9•10 years ago
Another bug involving the same server software is bug 1146017, and it was also quickly patched. Notice that it also supports secure renegotiation now.
Comment 10•10 years ago
The server in question still has massive issues, but for the purposes of this bug, it's fixed.
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Hardware: x86 → All
Resolution: --- → FIXED
Updated•6 years ago
Product: Tech Evangelism → Web Compatibility