Re: Mozilla's behavior dealing with client certificate selection

2004-06-09 Thread Gervase Markham
Julien Pierre wrote: Perhaps we should have something like this too. Do we have something in NSS to clear the cache for all SSL client sessions ? I don't seem to recall that we do. I seem to remember that the function has been implemented, but it has no UI. checks No, I was thinking of HTTP

Re: Mozilla's behavior dealing with client certificate selection

2004-06-09 Thread Nelson B
Julien Pierre wrote: Yeah, the latest version of IE 6.0 has a new button in the Certificates portion of the Contents tab in the Internet Options control panel. The new button says Clear SSL State. Their context-dependent help says it wipes out the SSL cache. Presumably this is so that you can

Re: Mozilla's behavior dealing with client certificate selection

2004-06-09 Thread Jean-Marc Desperrier
Julien Pierre wrote: In order to login again to the same server with a new identity, you would need to invalidate the SSL session. [...] [...] it's pretty hard to envision what that would look like, from a user interface point of view. There might be a simple solution. See

Re: Mozilla's behavior dealing with client certificate selection

2004-06-08 Thread Jean-Marc Desperrier
Nelson Bolyard wrote: Once you authenticate to a server that properly implements SSL session caching, each subsequent time you visit that server (until 24 hours pass, or you restart your browser), the client will say to the server I've previously authenticated an SSL session with you, and here's

Re: Mozilla's behavior dealing with client certificate selection

2004-06-08 Thread Julien Pierre
Jean-Marc, Jean-Marc Desperrier wrote: Nelson Bolyard wrote: Once you authenticate to a server that properly implements SSL session caching, each subsequent time you visit that server (until 24 hours pass, or you restart your browser), the client will say to the server I've previously

Re: Mozilla's behavior dealing with client certificate selection

2004-06-08 Thread Nelson B
Julien Pierre wrote: Jean-Marc, Jean-Marc Desperrier wrote: For more advanced usage of client authentication, it can happen that you own several certs representing several identities that you may wish to wish concurrently to connect to the server, or to change without having to close the

Re: Mozilla's behavior dealing with client certificate selection

2004-06-08 Thread Julien Pierre
Nelson, Nelson B wrote: Julien Pierre wrote: Jean-Marc, Jean-Marc Desperrier wrote: For more advanced usage of client authentication, it can happen that you own several certs representing several identities that you may wish to wish concurrently to connect to the server, or to

Mozilla's behavior dealing with client certificate selection

2004-05-27 Thread Nicolas
I am investigating how Mozilla deals with client certificate authentication. So far, I understood there are two modes, according to how the option client certificate selection is set. When select automatically is set, Mozilla chooses the newest client certificate, i.e., the one that has the most

Re: Certificate Selection

2003-03-13 Thread Nelson B. Bolyard
Stephen Henson wrote: In article [EMAIL PROTECTED], [EMAIL PROTECTED] says... Henrik, Henrik Gemal wrote: How does Mozilla select certificates to show to a webserver when the server asks for a certificate? The web server first sends Mozilla a list of valid CA certificates from

Re: Certificate Selection

2003-03-13 Thread Nelson B. Bolyard
Stephen Henson wrote: My tests on Mozilla 1.2.1 show it tolerates an empty set and interprets it as any CA. Maybe that's NSS 3.6 because that's the version the Generic Crypto Services HW version shows up as. Hmm. The change that allowed empty CA name lists was rev 1.44 of ssl3con.c which

Re: Certificate Selection

2003-03-06 Thread Julien Pierre
Henrik, Henrik Gemal wrote: How does Mozilla select certificates to show to a webserver when the server asks for a certificate? The web server first sends Mozilla a list of valid CA certificates from which it will accept client cert. Mozilla then looks through the available client certs. The

Re: Certificate Selection

2003-03-06 Thread Stephen Henson
In article [EMAIL PROTECTED], [EMAIL PROTECTED] says... Henrik, Henrik Gemal wrote: How does Mozilla select certificates to show to a webserver when the server asks for a certificate? The web server first sends Mozilla a list of valid CA certificates from which it will accept client

Re: Certificate Selection

2003-03-06 Thread Julien Pierre
Stephen Henson wrote: Although a server sending an empty list is strictly speaking illegal in SSL/TLS some implementations will tolerate it and interpret it as any CA. No idea if Mozilla does though... NSS enforces the SSL/TLS specs and will not tolerate an empty CA cert list from the

email encryption certificate selection keeps changing

2002-08-30 Thread Larry Riffle
I'm involved in a project evaluating PKI for some local applications. Thus I have several certificates and others are added and deleted regularly. I'm new to this. Lots of trial and error going on here. I have to keep going back and re-selecting my email encryption certificate. The one I want

Re: email encryption certificate selection keeps changing

2002-08-30 Thread Kai Engert
Usually, when you import a certificate into Mozilla, each certificate will get assigned a unique nickname. The cert stored in the internal database will remember the association from actual cert to nickname. The configuration in mail remembers the cert nickname. If you are testing and doing