Slow SSL connect with Mozilla Firefox 2.0

  • 3512141
  • 28-Mar-2007
  • 26-Apr-2012

Environment

Novell iChain 2.3 Service Pack 4
Novell iChain 2.3 Service Pack 4 Interim Release 2
Novell iManager 2.6 on NetWare
Novell Remote Manager
Novell NetWare 6.5 Administration Server
Apache HTTP Server 2.XX on NetWare 6.5
Novell BorderManager 3.8 SSL Authentication

Situation

Slow SSL connect with Mozilla Firefox 2.0 to:
  • SSL web services on Novell NetWare 6.5 and Novell NetWare 6.0
  • Novell iChain 2.3 SSL enabled authentication pages and accelerator
SSL services on OES Linux (OpenSSL based) do not have this problem

Resolution

As a workaround turn off TLS 1.0 for Mozilla Firefox 2.0 using the following procedures:


1) For all Platforms (Firefox on Windows an Linux):
  • open the URL about:config
  • filter on tls
  • set the security.enable_tls from true to false
2) Firefox on Windows
  • open the Tools -> Options -> Advanced -> Encruption menu
  • disable "Use TLS 1.0
3) Firefox on Linux
  • open the Edit -> Preferences -> Advanced menu
  • disable "Use TLS 1.0"
This issue has been addressed to engineering
  • For iChain the fix has beenshipped with Novell iChain 2.3 Service Pack 5a
  • For NetWare 6.5 the fix will be included with Novell NetWare 6.5 Service Pack 7

Status

Reported to Engineering

Additional Information

With NetWare based services NILE is responsible for running the SSL handshake except for NLDAP which uses NTLS. Services using NILE are iChain 2.3 Interim Release 4a, Apache 2.XX HTTP server, Novell Remote Manager (HTTPSTK.NLM)

NILE does not return a response on an SSL client hallo packet using TLS 1.0 in the version header. Instead Mozilla Firefox 2.0 falls back using a SSL2 Version header in the SSL client hello after a few seconds