Re: ssl_error_rx_malformed_finished

To: current-users%netbsd.org@localhost
Subject: Re: ssl_error_rx_malformed_finished
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Mon, 8 Dec 2014 18:43:45 +0000 (UTC)

bouyer%antioche.eu.org@localhost (Manuel Bouyer) writes:

>On Mon, Dec 08, 2014 at 02:03:36PM +0000, Michael van Elst wrote:
>> bouyer%antioche.eu.org@localhost (Manuel Bouyer) writes:
>> 
>> >Hello,
>> >I recently re-enabled TLSv1 on my web servers (because of the newer
>> >firefox which blocks SSL protocols by default now), and on
>> >*some* web servers, I occasionally get from firefox:
>> >n error occurred during a connection to www.xxx.yy.
>> >SSL received a malformed Finished handshake message.
>> >(Error code: ssl_error_rx_malformed_finished)
>> 
>> Try to change the Firefox config option security.tls.version.max
>> from 3 (==TLS1.3) to 2 (==TLS1.2).

>I'd like have it work without changing the client's config.
>It looks like a bug on the server side. What I don't understand is
>why it works with some servers and not others.

Well, this is supposed to work around the bug, and I don't think
it is clear that this is a server bug. Other clients at least
do not complain, so if a server has an error in its protocol
implementation, it is possible to gracefully handle (or just
ignore) it.

Follow-Ups:
- Re: ssl_error_rx_malformed_finished
  - From: Manuel Bouyer

References:
- ssl_error_rx_malformed_finished
  - From: Manuel Bouyer
- Re: ssl_error_rx_malformed_finished
  - From: Michael van Elst
- Re: ssl_error_rx_malformed_finished
  - From: Manuel Bouyer

Prev by Date: Re: ssl_error_rx_malformed_finished
Next by Date: Re: ssl_error_rx_malformed_finished
Previous by Thread: Re: ssl_error_rx_malformed_finished
Next by Thread: Re: ssl_error_rx_malformed_finished
Indexes:

Home | Main Index | Thread Index | Old Index