powered by Jive Software

Connection reset in Firefox when launching Admin Console with SSL

It started a week ago. My coworker complained that he can’t connect to Admin Console. Firefox throws an error that Connection was reset by a server. Non SSL 9090 port works fine, also SSL port works in IE9. At that moment it worked fine in my Firefox and worked till today. Today i’m facing same connection resets. Wonder if someone else experience this. I have upgraded 3.8.2 to 3.9.1 somewhere between it first occured and when it occured to me. So it is not 3.9.1 issue.

Certificates were regenerated maybe a month or so ago. Maybe it is related. Will try to remove and generate them again (self-signed ones, generated by Openfire).

Or maybe something changed in Firefox. Can’t say what version was in use a week ago by my coworker. I’m now on 27.0.1, but it was released just a few days ago, so he couldn’t already had 27.0.1. Most probably he was with 27.0.

Certificates regeneration and server restart didn’t change anything. Will have to switch to non-ssl for now… This is weird, especially as it happened not at once to both of us. And logs are not working on my server because of a wrong sl4j configuration on linux version, argh

So, i’ve tried to downgrade to Firefox 26 and it works fine via https. Back to 27 and again connection was reset errors. So, something changed in Firefox, maybe related to self-signed certificates…

maybe this bug report is helpful?

https://bugzilla.mozilla.org/show_bug.cgi?id=564421#c28

looks like it was a regression at some point, but the ticket was recently updated in janruary of this year. looks like soem people were able to solve the problem by deleting the permissions.sqlite database from i believe %APPDATA%

Will take a look at this tomorrow. Though i thought i have tried logging in with running Firefox as admin, and it should have clean profile. Wonder what this permissions.sqlite holds. My Firefox profile is rather… old. Maybe 10 years old now I’m just upgrading from 1.5 version i think keeping the same profile. Doing same at home and it works with SSL and 27 version.

after a few bad firefox updates and then a large memory leak last year or the year prior (1 tab consuming 1GB+ of ram), i made the switch to using Chrome/Chromium… the html developer tools are much better anyhow, which makes me happy lol. of course chrome “spies” on you a bit more, but, eh… i don’t use the browser like a “normal” person though, tend to have 50+ tabs open at once and leave them open for weeks, sometimes months at a time.

Browser flame wars, really? Well, i’m just used to Firefox (using it starting with Firebird for, oh my, 12 years? never ever had big problems with memory, even when using it on XP machine with 256 MB RAM in the past. It can be sluggish sometimes, but i usually use it in 8-12 hours sessions and then turn off it. So it can handle many tabs for me, sometimes hundreds Also i’m used that i can cutomize it the way i like and have useful add-ons. Never used Chrome for a long time, just testing some things, but my, Chrome settings is a black hole. Always a pain when someone asks to fix something and searching for simple things like changing home page in Google…

Removal of permissions.sqlite didn’t help. Must be something else.

Try https://support.mozilla.org/en-US/questions/985476

Setting security.tls.version.max to 1 (was 3) indeed helps. Wondering what is the cause of this (Openfire supporting only older TLS version?). If i keep it on 1, maybe i will face issues with other sites using newer version of TLS?

Firefox will no longer try to use TLS 1.2 - this shouldn’t be a big issue.

http://community.igniterealtime.org/message/235682#23568

You could try to limit the Openfire ciphers, this could also help.

Or try a JRE update/downgrade, it is involved in the SSL handshake.

That must be it. My production server is stuck with some 1.7.0_1 version of Java i think. I have tried to upgrade it recently, but Arch linux has removed Oracle Java from mainstream and it is only available via AUR (compiling involving). I’ve decided not to mess with it and plan moving to Windows box. Then i will have latest Java Like i have at home on my test box and that’s why i don’t have this issue there.