Closed Bug 166655 Opened 22 years ago Closed 22 years ago

ERROR -12227 / Extend the list of TLS intolerance error codes

Categories

(Core Graveyard :: Security: UI, defect, P2)

1.0 Branch
x86
All

Tracking

(Not tracked)

VERIFIED FIXED
psm2.4

People

(Reporter: cidar, Assigned: ssaux)

References

()

Details

(Keywords: regression)

Attachments

(1 file)

This message error is: Alert: www.saci.racsa.co.cr has recived an incorrect or inexpected message. Error Code: -12227. I don't know what It means!. I try to access a secure site (https), but this problem appear only when I input this URL: https://www.saci.racsa.co.cr . This problem appear only in Mozilla Version 1.1.0 (Build 2002082604), in the prior version (1.0)this problem does not exist. Thanks!. __________________________________ Have a nice day!.
I got an alert that the page is using low-grade encryption. WFM Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
... and I get no error at all. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1) Gecko/20020826
I'm seeing this as well, but only with 1.2a... Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2a) Gecko/20020910 This page works for me with 1.1 and 1.0.1 (displays low-grade encryption warning).
I just checked the latest Win32 and Linux builds, and this bug is still here. (2002-09-16-08-trunk) With >= 1.2a, it seems that connecting to export-grade SSL sites is broken. When attempting to connect to https://bcoba-server.bigpond.net.au:8443/ , a dialog box pops up with the following: "bcoba-server.bigpond.net.au has received an incorrect or unexpected message. Error Code: -12226" I would change the OS, Component, and Summary, but bugzilla won't let me. :)
*** Bug 169274 has been marked as a duplicate of this bug. ***
Confirming based on duplicate reports. OS->All Severity->Major Tweaking summary based on comment #4 Component->Networking
Severity: critical → major
Status: UNCONFIRMED → NEW
Component: Browser-General → Networking
Ever confirmed: true
OS: Windows 98 → All
Summary: Displays a message error ERROR CODE: -12227 → Export-grade SSL sites display ERROR CODE: -12227
1) Let us say I have host1, host2. 2) I opened two browser(Netscape 7.0/Mozilla 0.9.9 - Redhat Linux 7.3) "navigator windows", say window1, window2. 3) I am able to access https://host1 using "navigator window1". 4) Without closing window1, I try to access https://host2 using "navigator window2". Then I get the following message: xxx has recived an incorrect or inexpected message. Error Code: -12227 I do not see this problem in (Windows 2000 - IE). I am using Apache 1.3, Open SSL in host1, host2. It is the same httpd, same configuration in host1 and host2.
This bug is still present (I just tested 2002-10-20-04-trunk and Phoenix 0.3). I'm adding kaie to the CC list.
-> PSM I confirm with 1.2a and 1.2b. Version 1.1b works. Again, this looks like a TLS intolerant site, that no longer works, since we changed the list of error codes that result in TLS intolerance assumption. Nelson, is it reasonable to always retry assuming TLS intolerance on SSL_ERROR_HANDSHAKE_FAILURE_ALERT?
Assignee: asa → ssaux
Component: Networking → Client Library
Product: Browser → PSM
QA Contact: asa → junruh
Target Milestone: --- → 2.4
Version: other → 2.4
The test URL is nelsonb's Flavor B TLS intolerant server, using low grade encryption, and I get the error message and cannot reach the site. https://www.e-girot.net/ewh/visafaktura is also nelsonb's Flavor B TLS intolerant server, using low grade encryption, and I can reach the site.
Keywords: nsbeta1+, regression
Priority: -- → P2
*** Bug 175287 has been marked as a duplicate of this bug. ***
In answer to the question in comment 9 Yes, SSL_ERROR_HANDSHAKE_FAILURE_ALERT can imply TLS intolerance. So can SSL_ERROR_ILLEGAL_PARAMETER_ALERT SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BAD_SERVER SSL_ERROR_BAD_BLOCK_PADDING SSL_ERROR_UNSUPPORTED_VERSION SSL_ERROR_PROTOCOL_VERSION_ALERT SSL_ERROR_RX_MALFORMED_FINISHED SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE SSL_ERROR_RX_UNKNOWN_ALERT
Attached patch Patch v1 (deleted) — Splinter Review
This patch adds all the codes that Nelson suggests to the list of codes that will be assumed as possible TLS intolerance when occuring before the first content byte was exchanged.
Javi, can you please review?
Status: NEW → ASSIGNED
Comment on attachment 103643 [details] [diff] [review] Patch v1 r=javi
Attachment #103643 - Flags: review+
Blocks: 176288
Blocks: 1.2
Comment on attachment 103643 [details] [diff] [review] Patch v1 sr=jag
Attachment #103643 - Flags: superreview+
Comment on attachment 103643 [details] [diff] [review] Patch v1 a=blizzard on behalf of drivers for 1.2 final. Try to get this in before the tree closure on the morning of Nov 5th, 2002 or you're going to have to wait until after we finish making the branch.
Attachment #103643 - Flags: approval+
Summary: Export-grade SSL sites display ERROR CODE: -12227 → ERROR -12227 / Extend the list of TLS intolerance error codes
Checked in before the tree closed.
fixed
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: