Bug 504106 - firefox in RHEL 5.3 has SSL issues with remedy.
firefox in RHEL 5.3 has SSL issues with remedy.
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xulrunner (Show other bugs)
5.3
All Linux
high Severity high
: rc
: ---
Assigned To: Martin Stransky
desktop-bugs@redhat.com
:
Depends On:
Blocks: 499522
  Show dependency treegraph
 
Reported: 2009-06-04 05:12 EDT by Huzaifa S. Sidhpurwala
Modified: 2010-10-23 05:58 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-11-03 05:48:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
backtrace from firefox hang (5.61 KB, text/plain)
2009-06-04 06:33 EDT, Huzaifa S. Sidhpurwala
no flags Details
new bt with xulrunner-debuginfo (6.84 KB, text/plain)
2009-06-04 07:23 EDT, Huzaifa S. Sidhpurwala
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 412833 None None None Never
Mozilla Foundation 500424 None None None Never

  None (edit)
Comment 2 Martin Stransky 2009-06-04 06:17:23 EDT
Thanks for the bug report.  We have reviewed the information you have provided
above, and there is some additional information we require that will be helpful
in our diagnosis of this issue.

First of all, could we get output of the command

 rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin*

Please also install firefox-debuginfo (debuginfo-install is from
yum-utils package).

 debuginfo-install firefox

Then run firefox with a parameter -g. That will start firefox running inside of
gdb debugger. Then use command run and do whatever you did to make firefox
crash. When it happens, you should go back to the gdb and run

 (gdb) thread apply all backtrace

This produces usually many screens of the text. Copy all of them into a text
editor and attach the file to the bug as an uncompressed attachment.

We will review this issue again once you've had a chance to attach this
information.

Thanks in advance.
Comment 4 Huzaifa S. Sidhpurwala 2009-06-04 06:33:50 EDT
Created attachment 346512 [details]
backtrace from firefox hang
Comment 5 Martin Stransky 2009-06-04 06:50:21 EDT
Please install xulrunner-debuginfo package and attach the backtrace again. We're missing those symbols there.
Comment 6 Huzaifa S. Sidhpurwala 2009-06-04 07:23:54 EDT
Created attachment 346517 [details]
new bt with xulrunner-debuginfo
Comment 7 Martin Stransky 2009-06-04 07:28:34 EDT
Hm, I don't see anything wrong here. Can you please try to install other debuginfo packages and attach some new bactrace? I mean nspr-debuginfo, nss-debuginfo.
Comment 39 Bob Relyea 2009-06-25 12:09:14 EDT
Just to be clear...

old FF and NSS works (the version that doesn't know anything about Camillia). This means remedy does not need Camilla.

new FF and NSS work with Camilla turned on. Question: do we know if remedy is selecting the Camilla cipher suite?

If we turn Camilla off (either in softoken or the prefs) remedy stops working.

I think an ssltap output for the successful case (Camilla on) would be useful for upstream.

bob
Comment 40 Kai Engert (:kaie) 2009-06-25 13:01:34 EDT
(In reply to comment #39)
> Just to be clear...
> 
> old FF and NSS works (the version that doesn't know anything about Camillia).

I haven't tried an old NSS, prior to NSS 3.12. But given that we see some good connections, when operating slowly, we can conclude that Camellia is not needed.


> This means remedy does not need Camilla.

right


> new FF and NSS work with Camilla turned on. Question: do we know if remedy is
> selecting the Camilla cipher suite?

Not selecting Camellia, handshake log says
            cipher_suite = (0x0039) TLS/DHE-RSA/AES256-CBC/SHA
(even with Camellia enabled)


> If we turn Camilla off (either in softoken or the prefs) remedy stops working.

correct


> I think an ssltap output for the successful case (Camilla on) would be useful
> for upstream.

I have already filed an upstream bug and attached logfiles.
  https://bugzilla.mozilla.org/show_bug.cgi?id=500424
Comment 41 Bob Relyea 2009-06-25 13:21:16 EDT
> Not selecting Camellia, handshake log says
>             cipher_suite = (0x0039) TLS/DHE-RSA/AES256-CBC/SHA
> (even with Camellia enabled)

Hmm... we could try turning off the DHE ciphers? DHE is not really commonly used (thought the fact you are failing on reloads may indicate a problem with restarts...)


> I have already filed an upstream bug and attached logfiles.
>  https://bugzilla.mozilla.org/show_bug.cgi?id=500424  

thanks!

bob
Comment 51 RHEL Product and Program Management 2009-10-05 17:17:21 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 56 Jan Horak 2009-11-03 05:48:19 EST
Already landed in last xulrunner 1.9.0.15 package.

Note You need to log in before you can comment on or make changes to this bug.