SSL peer reports incorrect Message Authentication Code (Error code: ssl_error_bad_mac_alert) after Firefox 36 Upgrade
When upgrading from Firefox 35 to 36 (Windows 8, 32 bit) I start getting "SSL peer reports incorrect Message Authentication Code (Error code: ssl_error_bad_mac_alert)" SSL errors on at least one website I use. (https://marketplace.ibmcloud.com).
The message only appears when I get redirected to the website again after a previous OpenID login (some more cookies are set). When I browse the website without authentication it works on the encryption without any issues.
None of [1] applied, I do not experience this problem with any other browser or the previous version of Firefox. It seems to be limited to the specific case. Clearing any kind of cache, enable / disabled the ssl3* mechanisms, did have zero effect.
Is there any other way to debug this or someone has an idea what changed with Firefox 36 to introduce this behavior? I downgraded back to 35 for now to work again.
All Replies (2)
Please contact the SSO developer of the Ibm website as well. The error is normally from an encrypted message coming from a previous session.
guigs trɔe
I created a ticket there as well for them to investigate, although knowing IBM I guess we know the answer already, if I hear anything from there I will let you know.
However, as the problem only occurs on the one version of Firefox as of right now, I'm inclined to role out potential server side issues as a reason and pass it to something within Firefox, or was there a change any encryption defaults that might force the server to switch to a different version or something that might have the bug?