Problems on FF and IE after FP 25 update (SecureSocket problem?)

Thank you, I think FP-4198296 opened by someone else covers our case as well, we are getting the exact same behaviour.

I can confirm this problem. We are seeing widespread failure of applications that use SecureSocket across our install base (megaphonetv.com).

For us, the problem occurs in:

• Flash Player 25.0.0.127 running in Firefox on Windows
• Flash Player 25.0.0.127 running in Edge on Windows

The problem does not occur in:

• Chrome running on Windows
• Any Mac browser

I have posted two simple tests:

1) XMLSocket Test

http://moock.org/temp/xmlsocket/

2) SecureSocket Test

http://moock.org/temp/securesocket/

Test 1 connects to the server using XMLSocket. This works in all browsers.

Test 2 uses the exact same code, but connects to the server using SecureSocket. This fails in Firefox and Edge on Windows only. The connection appears to succeed, but Flash Player then freezes shortly thereafter.

Note that the bug already logged (FP-4198296):

1) does not mention SecureSocket

2) claims that the issue occurs on Mac, which was not the case in our tests

Would you like a new bug logged, or is this issue sufficiently documented now internally by Adobe engineering?

This issue is causing service outage for a vast number of our customers, some of whom cannot use Chrome due to corporate IT policies. We have customers writing us daily with complaints, so regular updates on the status of a fix would be greatly appreciated.

Thanks very much,

Colin

Thank you guys.  We're looking into FP-4198296 and I've also forwarded Colin's post along to the team.  We will report back on the bug report and this forum post ASAP.

Chris

Colin and others,

Could you check to see if you're using a self signed certificate with SecureSockets?  If so, please replace this with a cert from a CA (eg. https://letsencrypt.org/​).  We made security updates in our last release that appear to now have the restriction of disallowing self signed certs.  Please let us know how this works out for you.

Thanks,

Chris

Hi Chris,

We do not use a self-signed certificate. Our certificate is signed by Go Daddy. Details for the certificate are below, with some information redacted.

Common name: *.nnn.com

SANs: *.nnn.com, nnn.com

Valid from September 6, 2016 to September 6, 2017

Serial Number: nnn (nnn)

Signature Algorithm: sha256WithRSAEncryption

Issuer: Go Daddy Secure Certificate Authority - G2

Common name: Go Daddy Secure Certificate Authority - G2

Organization: GoDaddy.com, Inc.

Location: Scottsdale, Arizona, US

Valid from May 3, 2011 to May 3, 2031

Serial Number: nnn (nnn)

Signature Algorithm: sha256WithRSAEncryption

Issuer: Go Daddy Root Certificate Authority - G2

Common name: Go Daddy Root Certificate Authority - G2

Organization: GoDaddy.com, Inc.

Location: Scottsdale, Arizona, US

Valid from December 31, 2013 to May 30, 2031

Serial Number: nnn (nnn)

Signature Algorithm: sha256WithRSAEncryption

Issuer: The Go Daddy Group, Inc.

Organization: The Go Daddy Group, Inc.

Location: US

Valid from June 29, 2004 to June 29, 2034

Serial Number: nnn (nnn)

Signature Algorithm: sha1WithRSAEncryption

Issuer: The Go Daddy Group, Inc.

Hi Colin,

It was my understanding that we "fixed" this issue in our April release (by rolling back the changes that had caused the break).  So it should be widely available now.  I'll circle back with our dev team to verify.

Thanks,

Chris

Hi Chris,

We have now verified that the April 11, 2017 release indeed fixes the problem. Thanks for your help with this issue!

Colin