Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2015-03-03 Thread 1992 . chandu
On Monday, April 7, 2014 at 6:33:50 PM UTC-4, Kathleen Wilson wrote: All, We have been working on a new certificate verification library for Gecko, and would greatly appreciate it if you will test this new library and review the new code. Background NSS currently has two code paths

Re: Remove Legacy TLS Ciphersuites from Initial Handshake by Default

2015-03-03 Thread Hubert Kario
On Monday 02 March 2015 13:51:24 Kurt Roeckx wrote: On 2015-03-02 13:32, Hubert Kario wrote: Not true. In Alexa top 1 million I found at least 439 servers which support only 3DES and have valid certificates. If Firefox removes RC4, I'm sure that this will make this number effectively only

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2015-03-03 Thread David Keeler
my.rutgers.edu only offers a single cipher suite (TLS_RSA_WITH_RC4_128_SHA) and is TLS 1.1/1.2 intolerant [0]. We essentially disabled RC4 and insecure fallback to TLS 1.0 by default, which is why you're unable to connect with recent (i.e. pre-release) versions of Firefox. I filed bug 1139065 [1]

Re: Client auth only sending client certificate, not sending intermediate CA certificates

2015-03-03 Thread David Keeler
If this was working before and stopped working, then it sounds like a bug. I would file one against NSS: https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=Libraries (as far as I can tell, Firefox registers a callback that NSS calls to get a certificate and private key; NSS determines

RE: Client auth only sending client certificate, not sending intermediate CA certificates

2015-03-03 Thread Jason Pyeron
-Original Message- From: David Keeler Sent: Tuesday, March 03, 2015 14:18 If this was working before and stopped working, then it sounds like a bug. I would file one against NSS: https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=Libraries (as far as I can tell,

Client auth only sending client certificate, not sending intermediate CA certificates

2015-03-03 Thread Jason Pyeron
[ moved to this list, per https://groups.google.com/d/msg/mozilla.support.firefox/Ba4MzFQxqP8/DbmDUCbJqxkJ ] I was trying to figure out why some of the users were not having a chain sent to the server for their client certificate, and it turns out Firefox does not send (by default?) the chaining