[email protected] (Manuel Bouyer) writes: >On Mon, Dec 08, 2014 at 02:03:36PM +0000, Michael van Elst wrote: >> [email protected] (Manuel Bouyer) writes: >> >> >Hello, >> >I recently re-enabled TLSv1 on my web servers (because of the newer >> >firefox which blocks SSL protocols by default now), and on >> >*some* web servers, I occasionally get from firefox: >> >n error occurred during a connection to www.xxx.yy. >> >SSL received a malformed Finished handshake message. >> >(Error code: ssl_error_rx_malformed_finished) >> >> Try to change the Firefox config option security.tls.version.max >> from 3 (==TLS1.3) to 2 (==TLS1.2).
>I'd like have it work without changing the client's config. >It looks like a bug on the server side. What I don't understand is >why it works with some servers and not others. Well, this is supposed to work around the bug, and I don't think it is clear that this is a server bug. Other clients at least do not complain, so if a server has an error in its protocol implementation, it is possible to gracefully handle (or just ignore) it.
