ocsp check problem: sec_error_bad_database

2010-03-15 Thread Rafa M
Hi all, I'm testing some SSL sites in order to check SSL cert chains up to new root certificate from FNMT-RCM (Spanish Mint). I've tried to connect several Official sites (https://www.agenciatributaria.gob.es https://sedemeh.gob.es/) and I got this response: Error code:

Re: TLS logout in Firefox

2010-03-15 Thread Jean-Marc Desperrier
Nelson B Bolyard wrote: When the user says I want to clear my current session, which of those SSL sessions does he mean? The server whose name appear in his URL bar. Anyway if PSM does not expose a jave script method for accessing the clear cache command, I'm sure kai or myself would be

Idea for SoC-Project implementing PSS in NSS

2010-03-15 Thread Hanno Böck
Hi, I'm a student in computer science and I plan do my study thesis about RSA-PSS. Part of that could be implementing PSS in an open source project. A bit of background about PSS: Implementing RSA in real-world applications needs some kind of padding. Older methods, like the widespread pkcs #1

Re: Idea for SoC-Project implementing PSS in NSS

2010-03-15 Thread Wan-Teh Chang
2010/3/15 Hanno Böck ha...@hboeck.de: So I had the idea implementing RSA-PSS signature validation in NSS as a google summer of code project. The only bit of information about nss and pss was this old mailing list post:

OCSP check problem

2010-03-15 Thread Rafa M
Hi all, I'm testing some SSL sites in order to check SSL cert chains up to new root certificate from FNMT-RCM (Spanish Mint). I've tried to connect several Official sites (https://www.agenciatributaria.gob.es https://sedemeh.gob.es/) and I got this response: Error code:

Re: TLS logout in Firefox

2010-03-15 Thread Robert Relyea
On 03/11/2010 10:57 AM, Wan-Teh Chang wrote: 2010/3/11 Robert Relyea rrel...@redhat.com: The Microsoft thing is also non-standard. (and also not well documented -- which version of IE did it show up in?). I found it documented at

Re: Cipher not picked/enabled in a TLS session

2010-03-15 Thread Robert Relyea
On 03/15/2010 10:03 AM, Gregory BELLIER wrote: Robert Relyea a écrit : In sslsock.c, I print ssl3_CipherPrefSetDefault and I can see that my cipher is not enabled. Do you have any hints/tests which could help me ? Some tests I could do ? What am I missing ? OK, this is your

Re: Replacing keygen - A really bad idea

2010-03-15 Thread Robert Relyea
On 03/12/2010 10:12 PM, Anders Rundgren wrote: Why is replacing the 15 year old Netscape hack suddenly a bad idea? Because you cannot create a secure provisioning system without having some kind of [by the issuer recognizably] predefined key in the token. With such a key, the token would be