Bug 808136
Summary: | Print more informative error message when site uses old SSL/TLS version | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | David Jaša <djasa> |
Component: | firefox | Assignee: | Martin Stransky <stransky> |
Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.3 | CC: | kengert, stransky, syeghiay, tpelka |
Target Milestone: | rc | ||
Target Release: | 6.3 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | RHSA-2012:1088 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-08-03 12:37:03 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Jaša
2012-03-29 16:53:44 UTC
We have to solve this bug upstream, and I believe it's more for nss/psm folks. David, do you have any reproducer? Kai, what do you think about this bug? My initial reaction is that better user feedback is a "feature". The stable ESR branch of Firefox is not meant to get new features. In particular, introducing new wording is also not an option for the stable branch. Because of the stable branch limitations, anything requiring new strings would have to wait until Firefox 17 (most likely the next major ESR release). However, we used to have an error message "no common encryption algorithm(s)". We need to investigate why it's not shown in this scenario. After a quick test, I see that Firefox attempts to connect to the site multiple times, always fails, and eventually gives up. This indicates a misinterpretation of an NSS error code at the Mozilla applicaiton level. I filed upstream https://bugzilla.mozilla.org/show_bug.cgi?id=762301 I attached a potential patch to the upstream bug which applies to the Mozilla-ESR10 branch used by current RHEL. https://bugzilla.mozilla.org/show_bug.cgi?id=762301#c1 With the patch applied, the error message shown is: An error occurred during a connection to ..... Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap) Do you want to pick up this patch in Red Hat's packaged ESR? The trunk version of the patch was added upstream to the main development branch. I believe this isn't a regression, and therefore it doesn't qualify for upstream's rules for the ESR branch. This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. Fixed in RHSA-2012:1088 |