I noticed that 2 revoked sites act differently when the following is set:
about:config > security.tls.version.max = 0

site1: https://revoked.grc.com
shows as revoked

site2: https://revoked.cryptosec.net
shows as certificate mismatch


However, when the following is set:
about:config > security.tls.version.max = 0

site1 + site 2: both show as revoked.

I have full admin on site2, and I am speculating that the major difference is 
that I only have 1 public IP, and I attempt to run multiple SSL sites using 
Apache's SNI. The certificate mismatch error detects the SSL certificate for my 
named virtual host "https://www.cryptosec.net". It seems that this setting 
causes Firefox to ignore SNI and load the default certificate when TLS is 
disabled.

Is this intended? Can anyone identify the relationship between this setting and 
how FF handles SNI?
_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy
