Closed Bug 33772 Opened 25 years ago Closed 22 years ago

No warning when connection to TLS only site is not possible because tls is turned off in prefs.

Categories

(Core Graveyard :: Security: UI, defect, P3)

1.0 Branch
defect

Tracking

(Not tracked)

VERIFIED FIXED
Future

People

(Reporter: junruh, Assigned: javi)

References

()

Details

(Keywords: arch, helpwanted)

Attachments

(1 file, 1 obsolete file)

Windows only. Tested on Mozilla. 1.) Connect to https://junruh.mcom.com:3002/ciphers.html 2.) You will not be able to connect since this cipher is not supported by Mozilla, but are given no warning that you cannot connect. What is expected: The warning present in Linux "Netscape and this server cannot communicate securely because they have no common encryption algorithms." What I get: Nothing happens.
mark, how is this obtained? do I need to check that pickled status (for what?)?
Group: netscapeconfidential?
Do we know what happens with PSM for 4.x? John, can you check out that case with PSM 1.1? If 4.x doesn't do the right thing, reassign this to ddrinan.
Adding junruh to cc list since bugzilla said it didn't email him.
With 4.73 and PSM 1.1, I get "Netscape and this server cannot communicate securely because they have no common encryption algorithms."
mark, thoughts?
Target Milestone: --- → M17
*** Bug 33843 has been marked as a duplicate of this bug. ***
Keywords: nsbeta2
Putting on [nsbeta2-] radar. Not critical to beta2. Do not think it will be that impt for users on beta. Please clear [nsbeta2-] in Status Summary if anyone feels differently and explain why.
Whiteboard: [nsbeta2-]
Reassigning to javi during dougt's absence for the next three weeks.
Assignee: dougt → javi
*** Bug 31185 has been marked as a duplicate of this bug. ***
Keywords: nsbeta2nsbeta3
Target Milestone: M17 → M18
Adding nsbeta2 keyword to bugs with nsbeta2 triage value in status field so the queries don't get screwed up
Keywords: nsbeta2
Blocks: 48444
marking nsbeta3- because of the infrequency with which this should happen.
Whiteboard: [nsbeta2-] → [nsbeta2-][nsbeta3-]
*** Bug 56399 has been marked as a duplicate of this bug. ***
rtm
Keywords: rtm
YOu can try www.elance.com and go to "My Elance". Same error. I don't even get warning that I'm switching to secure connection - maybe because link start with http, not https. This makes many e-commerce sites unusable.
I have no problem reaching "My elance" on Win98, Mac or Linux. For Win and Linux, make sure you have PSM installed. http://docs.iplanet.com/docs/manuals/psm/psm-mozilla/
We won't have a fix in time for 6.0. deleting "rtm" from keywords
Keywords: rtm
*** Bug 57640 has been marked as a duplicate of this bug. ***
Same happens when you try to connect to http://comhome.comdirect.de/, see bug 57640 for details.
*** Bug 61494 has been marked as a duplicate of this bug. ***
If bug 61494 is a dup of this, this bug has a cousin: mostfreq bug 47617 "Connection to https needs to tell user to install PSM if w/o
nsbeta1
Keywords: nsbeta1
*** Bug 67022 has been marked as a duplicate of this bug. ***
new target milestone
Target Milestone: M18 → mozilla0.9.1
Mass changing of product. Browser:Security:Crypto --> PSM 2.0
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: mozilla0.9.1 → ---
Version: other → 2.0
Milestone 2.0.
Target Milestone: --- → 2.0
OS: Windows NT → All
Hardware: PC → All
Whiteboard: [nsbeta2-][nsbeta3-]
Keywords: mozilla0.9.1
Don't think this will get done by 0.9.1 :(
Keywords: mozilla0.9.1
->p2
Priority: P3 → P2
junruh: junruh.mcom.com:3002 web server serving ciphers.html page provided as test case doesn't exist anymore.
If you have TLS turned on, you can use this TLS intolerant site - https://secure.customersvc.com/servlet/Show?WESPAGE=fo/home.html&MSRSMAG=FO You won't be able to connect, and won't know why.
After I land the patch in Bug 64888, that site will work. (I've tested it and with the patch, it loads).
You can also turn off SSL3 and try any of the SSL3 only sites on the cipher testing page. - http://junruh.mcom.com/ciphers.html - You cannot connect and won't know why.
Attached patch Patch that alerts user with SSL error message. (obsolete) (deleted) — Splinter Review
ddrinan, please review my patch.
Attached patch Updated patch (deleted) — Splinter Review
r=mcgreer
sr=blizzard
a= asa@mozilla.org for checkin to the trunk. (on behalf of drivers)
Blocks: 83989
patch checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Reopening. Mostly fixed, except in this case. 1.) Turn off TLS, leaving SSL2 and SSL3 on. 2.) Visit a TLS only site - https://junruh.mcom.com:5001 What is expected: A warning that a connection is not possible. What happens: No warning, you just can't reach the site.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Not sure if we'll be able to fix that case because the error we get back is PR_END_OF_FILE_ERROR, which doesn't seem like we can automatically assume there was a TLS inter-op error every time we see that error.
PDT for PSM
Whiteboard: PDT
Whiteboard: PDT
Mass reassigning target to 2.1
Target Milestone: 2.0 → 2.1
Keywords: nsenterprise
Failure->P1
P1
Priority: P2 → P1
Marking fixed. I get a warning whenever I cannot reach a site.
Status: REOPENED → RESOLVED
Closed: 23 years ago23 years ago
Resolution: --- → FIXED
are you sure you've tested with a tls only site and tls turned off? Reopening.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
That's the only case that I can think of, and I've never found a real world site like that. It's only use would be to exclude Navigator browsers. I think this bug should be marked fixed, and open a new bug on that specific case. "Cannot reach a TLS only site with TLS disabled." Here is a TLS only server - https://junruh.mcom.com:5001
I just tried to connect to junruh.mcom.com:5001 with or without TLS enabled and I get a connection refused message. The server may not be up.
The server is up now.
Mass assigning QA to ckritzer.
QA Contact: junruh → ckritzer
Since our test server is probably the only server in the world that runs TLS *only*, I think we can put this off for a future release since the chance of a user actually running into this situation is practically zero.
Update the summary to reflect that the problem only occurs when TLS is turned off and the site only accept TLS connections. Moving to future. This is so rare, and the only organizations that would want to use a TLS only site would probably require that their user enable TLS in their browser.
Keywords: nsenterprise
Priority: P1 → P3
Summary: No warning when connection is not possible. → No warning when connection to TLS only site is not possible because tls is turned off in prefs.
Target Milestone: 2.1 → Future
Attachment #38151 - Attachment is obsolete: true
Attachment #38151 - Attachment is patch: true
QA Contact: ckritzer → junruh
Blocks: 104166
Keywords: mozilla1.0nsbeta1
Marking fixed. I get a warning now stating that there are no encryption algorythms in common. The new test site is https://pki.mcom.com:6050/tests.html
Status: REOPENED → RESOLVED
Closed: 23 years ago22 years ago
Resolution: --- → FIXED
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: