intermittent ssl_error_rx_unexpected_new_session_ticket errors in FF only
Several people in our organization have had intermittent problems connecting to some of our websites via Firefox. The problem has not been reported on other browsers. The error message that appears includes text such as:
-=-=- Begin Error Message -=-=- An error occurred during a connection to ksamedia.osu.edu.
SSL received an unexpected New Session Ticket handshake message.
(Error code: ssl_error_rx_unexpected_new_session_ticket) -=-=- End Error Message -=-=-
I have seen this message as well, and have confirmed that it does not appear in other browsers. It does appear on multiple sites from this server, and is a new behavior. I am using FF4, as is one other person who has seen the error. Another browser is somewhere in the 3.6.x family.
We recently upgraded the server to HTTPD 2.2.21 with OpenSSL 0.9.8r, downloaded from ApacheLounge At the same time we upgraded to PHP 5.3.8. The underlying OS is a 64-bit Windows Server. There has been no recent change to our SSL certificates.
My suspicion right now is that the problem was introduced during our upgrade to the Apache software - but I am finding almost no documentation about this error anywhere. As we are only seeing the problem in FF, I wanted to ask here if anyone has seen anything similar?
EDIT I was just able to paste the troubleshooting information for this happening on a sister site (same server) - ksacommunity.osu.edu
Okulungisiwe
All Replies (4)
Google Chrome reports this:
The connection uses SSL 3.0. The connection is encrypted using CAMELLIA_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism. The connection is not compressed. The connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues.
I works for me if I click "Try again" a few times.
We can usually get in by clicking "Try again", but that is at best a workaround. How are you seeing the Google Chrome report that you cite? I'm not sure how to interpret what it says - the server is running the latest release of httpd (2.2.21), so I'm not sure what could be "very old"?
There is something wrong with the setup for SSl on that server.
Try to ask advice at the mozillaZine Web Development/Standards Evangelism forum.
The helpers at that forum are more knowledgeable about web development issues.
You need to register at the mozillaZine forum site in order to post at that forum.
Thanks! I'll follow up there.