FireFox with SSL

Discussion to talk about software related topics only.
RebootExpert
Posts: 78
Joined: Fri Oct 09, 2020 2:57 pm

FireFox with SSL

Post by RebootExpert »

I have an application with SSL and web server enable. The web page will keep sending XMLHttpRequest to web server every second. This works fine in Chrome whether it's http or secure http. It works in FireFox for non secured http too.
However, if I open the web page via https in FireFox, it works for 5 minute, after that I won't get any response from the web server, and my main loop just hang there. If I close the web page in FireFox, the application works again.
User avatar
pbreed
Posts: 1080
Joined: Thu Apr 24, 2008 3:58 pm

Re: FireFox with SSL

Post by pbreed »

What NNDK version?
RebootExpert
Posts: 78
Joined: Fri Oct 09, 2020 2:57 pm

Re: FireFox with SSL

Post by RebootExpert »

2.9.3 and MOD5144X
RebootExpert
Posts: 78
Joined: Fri Oct 09, 2020 2:57 pm

Re: FireFox with SSL

Post by RebootExpert »

I created a simple helloworld app that use the same mechanism to communicate between the webpage and server. Instead the main loop hang forever after 5minutes, this time it hang 3~5 second several times for every 5 minutes with the webpage open with https in Firefox. After that, the server will respond back. Still not sure why what cause it. Please see the attached for the simple program source code and debug output.
Attachments
debug3.png
debug3.png (9.75 KiB) Viewed 2801 times
debug2.png
debug2.png (8.1 KiB) Viewed 2801 times
debug1.png
debug1.png (9.68 KiB) Viewed 2801 times
firefoxSSL.zip
(1.84 KiB) Downloaded 131 times
User avatar
TomNB
Posts: 538
Joined: Tue May 10, 2016 8:22 am

Re: FireFox with SSL

Post by TomNB »

I have recently found an issue with the bitdefender firewall in an application I was working on. To make a system "secure", it checks the bitdefender database for certificate and connection validation instead of using the certificate authority list in the browser. Behavior is much worse in firefox than chrome. In some cases negotiation times went from 6 sec to a minute. Worse yet, in the end, when I looked at the certification used by the browser, it was a dynamically created bitdefender cert instead of the self-signed cert I created for my device. This has very bad implications for any devices using self-signed certs. A browser can open a multitude of simultaneous connections if it starts getting behind.

I'm not saying this is your issue as well, but there are two tests that would be interesting:

1. Disable all firewall and anti-virus s/w and repeat your tests. This is how I found the bitdefender issue on my machine. When I then white-listed the IP address of my device, all the problems went away.

2. Change the refresh time from 1 second to something much longer, like 60 seconds, and see if it ever encounters this problem. You would have to wait a lot longer, like an overnight test.
RebootExpert
Posts: 78
Joined: Fri Oct 09, 2020 2:57 pm

Re: FireFox with SSL

Post by RebootExpert »

Firefox does use my own certificate. I tried test it with the firewall disabled, and same thing happened. I also tried test in my own PC at home with full control of the network, it act the same. I wonder do you see the same thing in your end by using my sample project?
User avatar
TomNB
Posts: 538
Joined: Tue May 10, 2016 8:22 am

Re: FireFox with SSL

Post by TomNB »

We can look into that, in the mean time, what were your test results for question 2 from Monday?

2. Change the refresh time from 1 second to something much longer, like 60 seconds, and see if it ever encounters this problem. You would have to wait a lot longer, like an overnight test.
RebootExpert
Posts: 78
Joined: Fri Oct 09, 2020 2:57 pm

Re: FireFox with SSL

Post by RebootExpert »

Yes there are still some several second delay in the main loop for 60second refresh rate.
User avatar
TomNB
Posts: 538
Joined: Tue May 10, 2016 8:22 am

Re: FireFox with SSL

Post by TomNB »

What may be happening is firefox handles negotiating a ssl connection differently than chrome, and its taking a number of seconds longer. Negotiating a ssl connection can take between 2 and 6 seconds, so if your trying to make one every second things will back up.

By default, other than the RTOS idle task, UserMain is set to the lowest priority. In a real-time os, the highest priority task ready to run will run, meaning higher priority tasks than UserMain will run. For example, the rtos functions, network functions, etc, will take priority. For whatever reason the combination of your javascript code and firefox is taking a long time to process, and the network stack and secure web server have higher priority, so you see a jump in seconds.

I am not a javascript programmer, so I can't comment on that, but one way to determine what is going on is to compare a wireshark trace from a chrome session, compare it to a firefox session, and note the time differences. If firefox is causing things to run so slow you run out of sockets, then lower priority tasks won't run much as all. The 60 second test I asked you to try seems to confirm that when using firefox the negotiation is taking much longer than with chrome, even if the refresh is 60 seconds apart.
User avatar
TomNB
Posts: 538
Joined: Tue May 10, 2016 8:22 am

Re: FireFox with SSL

Post by TomNB »

Just another through on this. For TCP and SSL/TLS, all the overhead is in the creating of the socket. If you want fast updates, it seems a better way would be to create a permanent connection, so you only negotiate once. This could be done a number of ways, such as web sockets, or creating a tcp server task on the nb device to which your javascript code connects to. So the connection stays open as long as your on the page.
Post Reply