Bug#727528: connection reset on https://login.capitalone.com

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jun 20 14:12:49 UTC 2014


On 06/20/2014 08:34 AM, Dara Adib wrote:
> I still can't access https://login.capitalone.com/ and
> https://login1.capitalone.com/ with Iceweasel. Strangely, it seems to
> be caused by the presence of iceweasel (case insensitive) in the user
> agent, regardless of the browser/OS.
> 
> I tested both Midori in Debian and Firefox on a Windows 8 VM. If
> iceweasel is in the user agent (by itself or as part of a longer
> string), the connection is reset (or in the case of Midori,
> "terminated unexpectedly"). If a garbage or blank user agent is used,
> the connection works.
> 
> Can anyone confirm? This would appear to be a
> problem/misconfiguration on Capital One's end.


I can confirm this.  It's replicable by comparing the different behavior
with the following two oneliners:

(printf 'GET / HTTP/1.1\r\nHost: login.capitalone.com\r\nUser-Agent:\
 firefox\r\n\r\n' && sleep 5) | gnutls-cli login.capitalone.com

(printf 'GET / HTTP/1.1\r\nHost: login.capitalone.com\r\nUser-Agent:\
 iceweasel\r\n\r\n' && sleep 5) | gnutls-cli login.capitalone.com

The first command produces a proper HTTP response, and the second
command shows "*** Server has terminated the connection abnormally."

It's not clear to me why Capital One would do this, but it's pretty
clear that it's based on the user-agent string.  Sending just "icewease"
as the User-Agent (without the final "l") also completes in a sane way;
adding the final "l" causes the terminated connection.

	--dkg
