Opened 15 months ago

Last modified 15 months ago

#24723 new defect

When I go to https://www.sss.gov/ I get an error "Secure Connection Failed" every time

Reported by: Dbryrtfbcbhgf
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-usability-website
Cc: brade, mcs
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

When I go to https://www.sss.gov/ I get an error "Secure Connection Failed" every time. Here is the full error code.

An error occurred during a connection to www.sss.gov. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Change History (7)

comment:1 Changed 15 months ago by cypherpunks

comment:2 Changed 15 months ago by cypherpunks

Secure Connection Failed

An error occurred during a connection to www.sss.gov. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

comment:3 in reply to:  1 Changed 15 months ago by Dbryrtfbcbhgf

Replying to cypherpunks:

> https://www.ssllabs.com/ssltest/analyze.html?d=www.sss.gov
>
> No error. ESR related?

This bug does not occur on Firefox ESR 52.5.2 (64-bit)

comment:4 Changed 15 months ago by gk

Keywords: tbb-usability-website added

Weird.

comment:5 Changed 15 months ago by mcs

Cc: brade mcs added

Perhaps this is a case of the website treating incoming Tor connections badly? I can connect without errors in Tor Browser 7.5a10 if I bypass the tor proxy, and I can reproduce the SSL_ERROR_RX_RECORD_TOO_LONG error using Firefox 57.0.4 when it is configured to use a tor proxy.

comment:6 Changed 15 months ago by gk

Huh, interesting. What are they doing at the TLS level, though, and why? I mean there should be easier ways to ban Tor users...

comment:7 Changed 15 months ago by dcf

SSL_ERROR_RX_RECORD_TOO_LONG, in my experience, often happens when you try to talk TLS to a non-TLS port. You'll see it, for example, when you go to https://www.example.com:80/ (TLS to port 80 instead of port 443).

Maybe this site has a bug in its load balancer, or something like that, such that TLS gets directed to a plaintext port somewhere on the backend. It's weird that it only happens when you access from Tor, but maybe they had a special rule for Tor and they didn't update it when they updated something else.
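
Added example (not part of the ticket, and not NSS or Tor Browser code): a minimal Python sketch of the failure mode described in comment:7. It reads a peer's first five bytes as a TLS record header, showing that a plaintext `HTTP/` reply decodes to a claimed length of 20527, above the 2^14 + 2048 maximum from RFC 5246. The function names, the order of checks and the sample bytes are assumptions constructed for illustration.

```python
import struct

MAX_RECORD_LEN = 2**14 + 2048  # largest TLSCiphertext length allowed by RFC 5246
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
# First bytes a plaintext service commonly sends (illustrative, not exhaustive).
PLAINTEXT_HINTS = {b"HTTP/": "HTTP response", b"<html": "HTML body",
                   b"<!DOC": "HTML body", b"SSH-2": "SSH banner"}


def parse_record_header(data):
    """Interpret the first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def diagnose(data):
    """Classify a peer's first bytes as a TLS client's record layer would see them.

    Checking the length before the content type is a choice made for this
    sketch; real TLS stacks may order their checks differently.
    """
    ctype, version, length = parse_record_header(data)
    hint = PLAINTEXT_HINTS.get(bytes(data[:5]))
    if length > MAX_RECORD_LEN:
        verdict = "record_too_long"   # the condition named in the ticket's error
    elif ctype not in TLS_CONTENT_TYPES or version[0] != 3:
        verdict = "not_tls"
    else:
        verdict = "tls_record"
    return {"verdict": verdict, "claimed_length": length, "plaintext_hint": hint}


# Constructed sample inputs (not captured from www.sss.gov).
SAMPLES = {
    "plain HTTP reply": b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n",
    "TLS handshake record": bytes.fromhex("160303005a") + b"\x02" * 0x5A,
    "SSH banner": b"SSH-2.0-OpenSSH_9.6\r\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:22} -> {diagnose(blob)}")
```

In the HTTP case the two length bytes are the ASCII characters `P` (0x50) and `/` (0x2F), which is why a plaintext HTTP answer on a port the client believes is TLS produces an over-length record rather than some other error.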
