Red Hat Bugzilla – Bug 504106
firefox in RHEL 5.3 has SSL issues with remedy.
Last modified: 2010-10-23 05:58:24 EDT
Thanks for the bug report. We have reviewed the information you have provided
above, and there is some additional information we require that will be helpful
in our diagnosis of this issue.
First of all, could we get output of the command
rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin*
Please also install firefox-debuginfo (debuginfo-install is from
Then run firefox with a parameter -g. That will start firefox running inside of
gdb debugger. Then use command run and do whatever you did to make firefox
crash. When it happens, you should go back to the gdb and run
(gdb) thread apply all backtrace
This produces usually many screens of the text. Copy all of them into a text
editor and attach the file to the bug as an uncompressed attachment.
We will review this issue again once you've had a chance to attach this
Thanks in advance.
Created attachment 346512 [details]
backtrace from firefox hang
Please install xulrunner-debuginfo package and attach the backtrace again. We're missing those symbols there.
Created attachment 346517 [details]
new bt with xulrunner-debuginfo
Hm, I don't see anything wrong here. Can you please try to install other debuginfo packages and attach some new bactrace? I mean nspr-debuginfo, nss-debuginfo.
Just to be clear...
old FF and NSS works (the version that doesn't know anything about Camillia). This means remedy does not need Camilla.
new FF and NSS work with Camilla turned on. Question: do we know if remedy is selecting the Camilla cipher suite?
If we turn Camilla off (either in softoken or the prefs) remedy stops working.
I think an ssltap output for the successful case (Camilla on) would be useful for upstream.
(In reply to comment #39)
> Just to be clear...
> old FF and NSS works (the version that doesn't know anything about Camillia).
I haven't tried an old NSS, prior to NSS 3.12. But given that we see some good connections, when operating slowly, we can conclude that Camellia is not needed.
> This means remedy does not need Camilla.
> new FF and NSS work with Camilla turned on. Question: do we know if remedy is
> selecting the Camilla cipher suite?
Not selecting Camellia, handshake log says
cipher_suite = (0x0039) TLS/DHE-RSA/AES256-CBC/SHA
(even with Camellia enabled)
> If we turn Camilla off (either in softoken or the prefs) remedy stops working.
> I think an ssltap output for the successful case (Camilla on) would be useful
> for upstream.
I have already filed an upstream bug and attached logfiles.
> Not selecting Camellia, handshake log says
> cipher_suite = (0x0039) TLS/DHE-RSA/AES256-CBC/SHA
> (even with Camellia enabled)
Hmm... we could try turning off the DHE ciphers? DHE is not really commonly used (thought the fact you are failing on reloads may indicate a problem with restarts...)
> I have already filed an upstream bug and attached logfiles.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
Already landed in last xulrunner 18.104.22.168 package.