we are the owner of plimus.com and some of our Firefox Users are getting the following error when browsing our site - SSL:SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET
While Browsing our site with FIREFOX (any version and only with firefox) some amount of users are complaining that from time to time they are getting an SSL error that may be connected to FIREFOX TLS.
the error is: "SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET "
Technical info: We are using APACHE2 (TLS Enable and SSL V3) and Tomcat as back end. OS - Redhat FW - Cisco ASA Certificate - VeriSign Wildcard
Some URLs that are affected: https://www.plimus.com/jsp/buynow.jsp?contractId=1724988 or https://secure.plimus.com/jsp/buynow.jsp?contractId=2598796
Modified by yanivomc
Additional System Details
- Google Update
- Shockwave Flash 10.2 r152
- iTunes Detector Plug-in
- Fortinet SSL VPN CacheClean Firefox Plugin
- Fortinet SSL VPN FortiControl Firefox Plugin
- Office Authorization plug-in for NPAPI browsers
- The plug-in allows you to open and edit files using Microsoft Office applications
- Office Live Update v1.4
- NVIDIA 3D Vision plugin for Mozilla browsers
- NVIDIA 3D Vision Streaming plugin for Mozilla browsers
- BlackBerry WebSL Browser Plug-In
- 3DVIA player(184.108.40.206). For more information, visit the 3DVIA player web site.
- Next Generation Java Plug-in 1.6.0_17 for Mozilla browsers
- Adobe PDF Plug-In For Firefox and Netscape 10.0.1
- The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
- User Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/6.0
Feedback? Can anyone else open it with other browsers? Please let us know if you find the cause of the problem.
Modified by alan_r
Sorry the URL was a mistake the right one is https://www.plimus.com/jsp/buynow.jsp?contractId=1724988
the other is blocked with FW.
Hi guys, any 1 has an idea about this matter?
I have the same problem. Any news ?
Google Chrome reports on https://www.plimus.com/jsp/buynow.jsp?contractId=1724988
Your connection to www.plimus.com is encrypted with 256-bit encryption. The connection uses SSL 3.0. The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism. The connection is not compressed. The connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues.
It works in Firefox if I disable TLS 1.0, so there is definitely something wrong with that server.
Hi Cor-el, what type of old software you talking about?
APACHE?, OPEN_SSL? redhat?
thank you for your help
I don't know.
I'm not an expert with configuring server or SSL.
I assume that it is the server software and that an updated SSL package that supports TLS properly needs to be installed or updated on the server.
It was Google Chrome that gave me the idea to check Firefox with TLS 1.0 disabled.
Firefox seems to cache it because I didn't get the error now with TLS enabled and only after using Clear Recent History to clear the "Active Logins" then I got the SSL error page back and not via a reload with bypassing the cache (Ctrl+F5).
Hi, first i'd like to thank you for your help Cor-el but that's not the case in our end. i'm using latest Apache and OPENSSL versions on our servers.
can you send me the URL for tool that you used for testing in google chrome (or it was the browser itself?)
i'll be happy to know if you or anyone else has any other ideas or comments...