Closed
Bug 33772
Opened 25 years ago
Closed 22 years ago
No warning when connection to TLS only site is not possible because tls is turned off in prefs.
Categories
(Core Graveyard :: Security: UI, defect, P3)
Tracking
(Not tracked)
VERIFIED
FIXED
Future
People
(Reporter: junruh, Assigned: javi)
References
()
Details
(Keywords: arch, helpwanted)
Attachments
(1 file, 1 obsolete file)
(deleted),
patch
|
Details | Diff | Splinter Review |
Windows only. Tested on Mozilla.
1.) Connect to https://junruh.mcom.com:3002/ciphers.html
2.) You will not be able to connect since this cipher is not supported by
Mozilla, but are given no warning that you cannot connect.
What is expected: The warning present in Linux "Netscape and this server cannot
communicate securely because they have no common encryption algorithms."
What I get: Nothing happens.
Comment 1•25 years ago
|
||
mark, how is this obtained? do I need to check that pickled status (for what?)?
Group: netscapeconfidential?
Comment 2•25 years ago
|
||
Do we know what happens with PSM for 4.x? John, can you check out that case with
PSM 1.1? If 4.x doesn't do the right thing, reassign this to ddrinan.
Comment 3•25 years ago
|
||
Adding junruh to cc list since bugzilla said it didn't email him.
Reporter | ||
Comment 4•25 years ago
|
||
With 4.73 and PSM 1.1, I get "Netscape and this server cannot
communicate securely because they have no common encryption algorithms."
Comment 5•25 years ago
|
||
mark, thoughts?
Updated•25 years ago
|
Target Milestone: --- → M17
Putting on [nsbeta2-] radar. Not critical to beta2. Do not think it will be
that impt for users on beta. Please clear [nsbeta2-] in Status Summary if
anyone feels differently and explain why.
Whiteboard: [nsbeta2-]
Reporter | ||
Comment 8•24 years ago
|
||
Reassigning to javi during dougt's absence for the next three weeks.
Assignee: dougt → javi
Reporter | ||
Updated•24 years ago
|
Comment 10•24 years ago
|
||
Adding nsbeta2 keyword to bugs with nsbeta2 triage value in status field so the
queries don't get screwed up
Keywords: nsbeta2
Comment 11•24 years ago
|
||
marking nsbeta3- because of the infrequency with which this should happen.
Whiteboard: [nsbeta2-] → [nsbeta2-][nsbeta3-]
Reporter | ||
Comment 12•24 years ago
|
||
*** Bug 56399 has been marked as a duplicate of this bug. ***
Comment 14•24 years ago
|
||
YOu can try www.elance.com and go to "My Elance". Same error. I don't even get
warning that I'm switching to secure connection - maybe because link start with
http, not https.
This makes many e-commerce sites unusable.
Reporter | ||
Comment 15•24 years ago
|
||
I have no problem reaching "My elance" on Win98, Mac or Linux. For Win and
Linux, make sure you have PSM installed.
http://docs.iplanet.com/docs/manuals/psm/psm-mozilla/
Comment 16•24 years ago
|
||
We won't have a fix in time for 6.0.
deleting "rtm" from keywords
Keywords: rtm
Reporter | ||
Comment 17•24 years ago
|
||
*** Bug 57640 has been marked as a duplicate of this bug. ***
Comment 18•24 years ago
|
||
Same happens when you try to connect to http://comhome.comdirect.de/, see
bug 57640 for details.
Reporter | ||
Comment 19•24 years ago
|
||
*** Bug 61494 has been marked as a duplicate of this bug. ***
Comment 20•24 years ago
|
||
Comment 22•24 years ago
|
||
*** Bug 67022 has been marked as a duplicate of this bug. ***
Comment 24•24 years ago
|
||
Mass changing of product. Browser:Security:Crypto --> PSM 2.0
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: mozilla0.9.1 → ---
Version: other → 2.0
OS: Windows NT → All
Hardware: PC → All
Whiteboard: [nsbeta2-][nsbeta3-]
Assignee | ||
Updated•24 years ago
|
Keywords: mozilla0.9.1
Comment 28•24 years ago
|
||
junruh: junruh.mcom.com:3002 web server serving ciphers.html page provided as
test case doesn't exist anymore.
Reporter | ||
Comment 29•24 years ago
|
||
If you have TLS turned on, you can use this TLS intolerant site -
https://secure.customersvc.com/servlet/Show?WESPAGE=fo/home.html&MSRSMAG=FO
You won't be able to connect, and won't know why.
Assignee | ||
Comment 30•24 years ago
|
||
After I land the patch in Bug 64888, that site will work. (I've tested it and
with the patch, it loads).
Reporter | ||
Comment 31•24 years ago
|
||
You can also turn off SSL3 and try any of the SSL3 only sites on the cipher
testing page. - http://junruh.mcom.com/ciphers.html - You cannot connect and
won't know why.
Assignee | ||
Comment 32•23 years ago
|
||
Assignee | ||
Comment 33•23 years ago
|
||
ddrinan, please review my patch.
Assignee | ||
Comment 34•23 years ago
|
||
Comment 35•23 years ago
|
||
r=mcgreer
Comment 36•23 years ago
|
||
sr=blizzard
Comment 37•23 years ago
|
||
a= asa@mozilla.org for checkin to the trunk.
(on behalf of drivers)
Blocks: 83989
Assignee | ||
Comment 38•23 years ago
|
||
patch checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 39•23 years ago
|
||
Reopening. Mostly fixed, except in this case.
1.) Turn off TLS, leaving SSL2 and SSL3 on.
2.) Visit a TLS only site - https://junruh.mcom.com:5001
What is expected: A warning that a connection is not possible.
What happens: No warning, you just can't reach the site.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 40•23 years ago
|
||
Not sure if we'll be able to fix that case because the error we get back is
PR_END_OF_FILE_ERROR, which doesn't seem like we can automatically assume there
was a TLS inter-op error every time we see that error.
Updated•23 years ago
|
Whiteboard: PDT
Updated•23 years ago
|
Keywords: nsenterprise
Assignee | ||
Comment 43•23 years ago
|
||
Failure->P1
Reporter | ||
Comment 45•23 years ago
|
||
Marking fixed. I get a warning whenever I cannot reach a site.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED
Comment 46•23 years ago
|
||
are you sure you've tested with a tls only site and tls turned off?
Reopening.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Reporter | ||
Comment 47•23 years ago
|
||
That's the only case that I can think of, and I've never found a real world site
like that. It's only use would be to exclude Navigator browsers.
I think this bug should be marked fixed, and open a new bug on that specific
case. "Cannot reach a TLS only site with TLS disabled."
Here is a TLS only server - https://junruh.mcom.com:5001
Comment 48•23 years ago
|
||
I just tried to connect to junruh.mcom.com:5001 with or without TLS enabled and
I get a connection refused message. The server may not be up.
Reporter | ||
Comment 49•23 years ago
|
||
The server is up now.
Assignee | ||
Comment 51•23 years ago
|
||
Since our test server is probably the only server in the world that runs TLS
*only*, I think we can put this off for a future release since the chance of a
user actually running into this situation is practically zero.
Comment 52•23 years ago
|
||
Update the summary to reflect that the problem only occurs when TLS is turned
off and the site only accept TLS connections.
Moving to future. This is so rare, and the only organizations that would want to
use a TLS only site would probably require that their user enable TLS in their
browser.
Keywords: nsenterprise
Priority: P1 → P3
Summary: No warning when connection is not possible. → No warning when connection to TLS only site is not possible because tls is turned off in prefs.
Target Milestone: 2.1 → Future
Attachment #38151 -
Attachment is obsolete: true
Attachment #38151 -
Attachment is patch: true
Reporter | ||
Updated•23 years ago
|
QA Contact: ckritzer → junruh
Updated•22 years ago
|
Keywords: mozilla1.0 → nsbeta1
Reporter | ||
Comment 53•22 years ago
|
||
Marking fixed. I get a warning now stating that there are no encryption
algorythms in common. The new test site is https://pki.mcom.com:6050/tests.html
Status: REOPENED → RESOLVED
Closed: 23 years ago → 22 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•