Bug#744168: iceweasel: OCSP check takes more than 30 minutes per request, crashes
David Kuehling
dvdkhlng at posteo.de
Fri Apr 11 01:03:22 UTC 2014
Package: iceweasel
Version: 24.4.0esr-1~deb7u2
Severity: normal
File: /usr/bin/iceweasel
Dear Maintainer,

Trying to load a single encrypted website, such as
https://bugs.debian.org now takes more than 30 minutes during which
(according to tcpdump, iftop) Firefox keeps talking to
ocsp.comodoca.com, downloading over 70 Mbyte in the process. No, my
internet connection is not the bottleneck here (> 10mbit).

Seems to depend on certificate authority, I was only able to reproduce
this particular problem for websites that use Comodo's CA.

This may be a result of the Heartbleed bug causing lots of certificates to
be revoked? Unfortunately it makes HTTPS (or OCSP) completely unusable.

Once the site is loaded, further operation is nominal, but the delay
occurs again when Iceweasel is restarted (note: I have disabled hard disk
cache for privacy reasons, don't know whether configuring a sufficiently
large cache would help).

Update: It gets worse: during my last test Iceweasel crashed after 78
Megabyte had been downloaded from ocsp.comodoca.com, ca. 45 minutes after
initiating the loading of https://bugs.debian.org

cheers,
David

-- Package-specific info:
-- System Information:
Debian Release: 7.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages iceweasel depends on:
ii debianutils 4.3.2
ii fontconfig 2.9.0-7.1
ii libc6 2.13-38+deb7u1
ii libgdk-pixbuf2.0-0 2.26.1-1
ii libglib2.0-0 2.33.12+really2.32.4-5
ii libgtk2.0-0 2.24.10-2
ii libsqlite3-0 3.7.13-1+deb7u1
ii libstdc++6 4.7.2-5
ii procps 1:3.3.3-3
ii xulrunner-24.0 24.4.0esr-1~deb7u2
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
pn fonts-mathjax <none>
ii fonts-oflb-asana-math 000.907-4
ii fonts-stix [otf-stix] 1.1.0-1
ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u1
ii mozplugger 1.14.1-1
Versions of packages xulrunner-24.0 depends on:
ii libasound2 1.0.25-4
ii libatk1.0-0 2.4.0-2
ii libbz2-1.0 1.0.6-4
ii libc6 2.13-38+deb7u1
ii libcairo2 1.12.2-3
ii libdbus-1-3 1.6.8-1+deb7u1
ii libdbus-glib-1-2 0.100.2-1
ii libevent-2.0-5 2.0.19-stable-3
ii libfontconfig1 2.9.0-7.1
ii libfreetype6 2.4.9-1.1
ii libgcc1 1:4.7.2-5
ii libgdk-pixbuf2.0-0 2.26.1-1
ii libglib2.0-0 2.33.12+really2.32.4-5
ii libgtk2.0-0 2.24.10-2
ii libhunspell-1.3-0 1.3.2-4
ii libmozjs24d 24.4.0esr-1~deb7u2
ii libpango1.0-0 1.30.0-1
ii libstartup-notification0 0.12-1
ii libstdc++6 4.7.2-5
ii libvpx1 1.1.0-1
ii libx11-6 2:1.5.0-1+deb7u1
ii libxext6 2:1.3.1-2+deb7u1
ii libxrender1 1:0.9.7-1+deb7u1
ii libxt6 1:1.1.3-1+deb7u1
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages xulrunner-24.0 suggests:
ii libcanberra0 0.28-6
ii libgnomeui-0 2.24.5-2
-- no debconf information
--
GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk2.gpg
Fingerprint: B63B 6AF2 4EEB F033 46F7 7F1D 935E 6F08 E457 205F