[Update: This works correctly with HTTP/2 disabled, so it is somehow HTTP/2 related. Firefox's partner is terminated with ATS 8.0.2, so this is most likely an interactio… (read more)
[Update: This works correctly with HTTP/2 disabled, so it is somehow HTTP/2 related. Firefox's partner is terminated with ATS 8.0.2, so this is most likely an interaction with Traffic Server, but debugging help is still needed.]
I recently upgraded from Mediawiki 1.31 to 1.35 on Debian 10. Since this upgrade, attempts to log in with Firefox are impossible -- Safari and Chrome work fine. Firefox 96.0 displays the attached error "Secure Connection Failed" but no security error is provided. This seems to be a defect in Firefox, but I am having difficulty diagnosing further.
Looking at both server trace logs as well as the Firefox debugging tools, I see Firefox does an expected POST request to the login page:
The MediaWiki server replies with a 302 Found and redirect to the Main Page on successful login, but Firefox considers this response insecure on some way that is not indicated. The "Security" tab in DevTools shows no security errors on the transaction.
I am able to reproduce this on multiple machines running Firefox 96.0, as well as with Troubleshooting Mode enabled. No errors occur with other tested browsers.
Is there a way to extract further debugging information from the browser?