On Mon, Dec 08, 2014 at 06:43:45PM +0000, Michael van Elst wrote:
> [email protected] (Manuel Bouyer) writes:
>
> >On Mon, Dec 08, 2014 at 02:03:36PM +0000, Michael van Elst wrote:
> >> [email protected] (Manuel Bouyer) writes:
> >>
> >> >Hello,
> >> >I recently re-enabled TLSv1 on my web servers (because of the newer
> >> >firefox which blocks SSL protocols by default now), and on
> >> >*some* web servers, I occasionally get from firefox:
> >> >n error occurred during a connection to www.xxx.yy.
> >> >SSL received a malformed Finished handshake message.
> >> >(Error code: ssl_error_rx_malformed_finished)
> >>
> >> Try to change the Firefox config option security.tls.version.max
> >> from 3 (==TLS1.3) to 2 (==TLS1.2).
>
> >I'd like to have it work without changing the client's config.
> >It looks like a bug on the server side. What I don't understand is
> >why it works with some servers and not others.
>
> Well, this is supposed to work around the bug, and I don't think
> it is clear that this is a server bug. Other clients at least
> do not complain, so if a server has an error in its protocol
> implementation, it is possible to gracefully handle (or just
> ignore) it.

Yes, it is. There are patches around to retry the connection in such a case.
But still, it's just a workaround. And still, some of my web servers
have the problem and some don't.

--
Manuel Bouyer <[email protected]>
     NetBSD: 26 years of experience will always make the difference
--
