Bug#597593: iceweasel: "SSL received a malformed Server Key Exchange handshake message" connecting to ALEC website
Matt Kraai
Version: 3.5.13-1
Severity: normal
Hi,
When I visit
Iceweasel displays the following page:
> Secure Connection Failed
>
> An error occurred during a connection to www.alecu.org.
>
> SSL received a malformed Server Key Exchange handshake message.
>
> (Error code: ssl_error_rx_malformed_server_key_exch)
>
> * The page you are trying to view can not be shown because the
> authenticity of the received data could not be verified.
>
> * Please contact the web site owners to inform them of this
> problem. Alternatively, use the command found in the help menu
> to report this broken site.
The same problem occurs if I use iceweasel 3.6.10-1 from experimental.
If I download and run Firefox 3.5.13 or 3.6.10 from Mozilla's website,
they're able to connect to the site successfully.
I changed the User-Agent string to match the one sent by Firefox, but
the error persisted.
-- Package-specific info:
-- Extensions information
Name: Adblock Plus
Location: ${PROFILE_EXTENSIONS}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Status: enabled
Name: Default
Location: /usr/lib/iceweasel/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled
-- Plugins information
Name: DivX® Web Player
Location: /usr/lib/mozilla/plugins/libtotem-mully-plugin.so
Package: totem-mozilla
Status: enabled
Name: QuickTime Plug-in 7.6.6
Location: /usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so
Package: totem-mozilla
Status: enabled
Name: Shockwave Flash
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled
Name: VLC Multimedia Plugin (compatible Totem 2.30.2)
Location: /usr/lib/mozilla/plugins/libtotem-cone-plugin.so
Package: totem-mozilla
Status: enabled
Name: Windows Media Player Plug-in 10 (compatible; Totem)
Location: /usr/lib/mozilla/plugins/libtotem-gmp-plugin.so
Package: totem-mozilla
Status: enabled
Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: enabled
-- Addons package information
ii iceweasel 3.5.13-1 Web browser based on Firefox
ii rhythmbox-plug 0.12.8-2 plugins for rhythmbox music player
ii totem-mozilla 2.30.2-2+b1 Totem Mozilla plugin
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages iceweasel depends on:
ii debianutils 3.4.1 Miscellaneous utilities specific t
ii fontconfig 2.8.0-2.1 generic font configuration library
ii libc6 2.11.2-6 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.4-15 GCC support library
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-1+b1 The GTK+ graphical user interface
ii libnspr4-0d 4.8.6-1 NetScape Portable Runtime Library
ii libstdc++6 4.4.4-15 The GNU Standard C++ Library v3
ii procps 1:3.2.8-9 /proc file system utilities
ii xulrunner-1.9.1 1.9.1.13-1 XUL + XPCOM application runner
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
ii libgssapi-krb5-2 1.8.3+dfsg~beta1-1 MIT Kerberos runtime libraries - k
pn mozplugger <none> (no description available)
ii ttf-lyx 1.6.7-1 TrueType versions of some TeX font
pn ttf-mathematica4.1 <none> (no description available)
ii xfonts-mathml 4 Type1 Symbol font for MathML
pn xprint <none> (no description available)
Versions of packages xulrunner-1.9.1 depends on:
ii libasound2 1.0.23-1 shared library for ALSA applicatio
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libbz2-1.0 1.0.5-5 high-quality block-sorting file co
ii libc6 2.11.2-6 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.2.24-3 simple interprocess messaging syst
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2 FreeType 2 font engine, shared lib
ii libgcc1 1:4.4.4-15 GCC support library
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-1+b1 The GTK+ graphical user interface
ii libhunspell-1.2-0 1.2.11-1 spell checker and morphological an
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libmozjs2d 1.9.1.13-1 The Mozilla SpiderMonkey JavaScrip
ii libnspr4-0d 4.8.6-1 NetScape Portable Runtime Library
ii libnss3-1d 3.12.7-1 Network Security Service libraries
ii libpango1.0-0 1.28.1-1 Layout and rendering of internatio
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libreadline6 6.1-3 GNU readline and history libraries
ii libsqlite3-0 3.7.2-1 SQLite 3 shared library
ii libstartup-notification0 0.10-1 library for program launch feedbac
ii libstdc++6 4.4.4-15 The GNU Standard C++ Library v3
ii libx11-6 2:1.3.3-3 X11 client-side library
ii libxrender1 1:0.9.6-1 X Rendering Extension client libra
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii zlib1g 1:1.2.5.dfsg-1 compression library - runtime
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Mike Hommey
> Package: iceweasel
> Version: 3.5.13-1
> Severity: normal
>
> Hi,
>
> When I visit
>
> https://www.alecu.org/
>
> Iceweasel displays the following page:
>
> > Secure Connection Failed
> >
> > An error occurred during a connection to www.alecu.org.
> >
> > SSL received a malformed Server Key Exchange handshake message.
> >
> > (Error code: ssl_error_rx_malformed_server_key_exch)
> >
> > * The page you are trying to view can not be shown because the
> > authenticity of the received data could not be verified.
> >
> > * Please contact the web site owners to inform them of this
> > problem. Alternatively, use the command found in the help menu
> > to report this broken site.
>
> The same problem occurs if I use iceweasel 3.6.10-1 from experimental.
>
> If I download and run Firefox 3.5.13 or 3.6.10 from Mozilla's website,
> they're able to connect to the site successfully.
>
> I changed the User-Agent string to match the one sent by Firefox, but
> the error persisted.
Please try downgrading libnss3-1d to 3.12.6-3 from testing.
Mike
Mike Hommey
forcemerge 592315 597593
thanks
On Tue, Sep 21, 2010 at 01:22:36AM -0700, Matt Kraai wrote:
> On Tue, Sep 21, 2010 at 07:51:27AM +0200, Mike Hommey wrote:
> > Please try downgrading libnss3-1d to 3.12.6-3 from testing.
>
> Thanks, doing so fixed the problem.
Then this is the same issue as 592315. One of the reasons I'm not
pushing nss 3.12.7 in squeeze is this bug. I haven't decided yet
what will be done.
Cheers,
Matt Kraai
Thanks, doing so fixed the problem.
--
Matt https://ftbfs.org/kraai
Matt Kraai
> reassign 597593 libnss3-1d
> forcemerge 592315 597593
> thanks
>
> On Tue, Sep 21, 2010 at 01:22:36AM -0700, Matt Kraai wrote:
> > On Tue, Sep 21, 2010 at 07:51:27AM +0200, Mike Hommey wrote:
> > > Please try downgrading libnss3-1d to 3.12.6-3 from testing.
> >
> > Thanks, doing so fixed the problem.
>
> Then this is the same issue as 592315. One of the reasons I'm not
> pushing nss 3.12.7 in squeeze is this bug. I haven't decided yet
> what will be done.
Thanks again for diagnosing this so quickly. I'll report this to the
site operators in the hope that they'll fix the site.
--
Matt https://ftbfs.org/kraai