While Browsing our site with FIREFOX (any version and only with firefox) some amount of users are complaining that from time to time they are getting an SSL error that may be connected to FIREFOX TLS.
the error is: "SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET "
Technical info: We are using APACHE2 (TLS Enable and SSL V3) and Tomcat as back end. OS - Redhat FW - Cisco ASA Certificate - VeriSign Wildcard
Some URLs that are affected: https://www.plimus.com/jsp/buynow.jsp?contractId=1
Feedback? Can anyone else open it with other browsers? Please let us know if you find the cause of the problem.
Sorry the URL was a mistake
the right one is https://www.plimus.com/jsp/buynow.jsp?contractId=1
the other is blocked with FW.
Hi guys, any 1 has an idea about this matter?
I have the same problem. Any news ?
Google Chrome reports on https://www.plimus.com/jsp/buynow.jsp?contractId=1
Your connection to www.plimus.com is encrypted with 256-bit encryption. The connection uses SSL 3.0. The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism. The connection is not compressed. The connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues.
It works in Firefox if I disable TLS 1.0, so there is definitely something wrong with that server.
Hi Cor-el, what type of old software you talking about?
APACHE?, OPEN_SSL? redhat?
thank you for your help
I don't know.
I'm not an expert with configuring server or SSL.
I assume that it is the server software and that an updated SSL package that supports TLS properly needs to be installed or updated on the server.
It was Google Chrome that gave me the idea to check Firefox with TLS 1.0 disabled.
Firefox seems to cache it because I didn't get the error now with TLS enabled and only after using Clear Recent History to clear the "Active Logins" then I got the SSL error page back and not via a reload with bypassing the cache (Ctrl+F5).
Hi, first i'd like to thank you for your help Cor-el but that's not the case in our end. i'm using latest Apache and OPENSSL versions on our servers.
can you send me the URL for tool that you used for testing in google chrome (or it was the browser itself?)
i'll be happy to know if you or anyone else has any other ideas or comments...