This was filed as: https://bugzilla.mozilla.org/show_bug.cgi?id=1341375
For those following at home:

1. This is conformant behavior, though apparently it makes some servers sad.
2. I can't repro it in FF 52, so I'm going to need more detail to work on it

-Ekr

On Tue, Feb 21, 2017 at 8:10 AM, Richard Barnes via dev-security-policy <[email protected]> wrote:

> Hi Phil,
>
> Sorry to redirect again, but this mailing list probably isn't the right
> place either (it's mainly about certificates, not TLS). The best thing to
> do is probably to file a bug on this. That will get the attention of the
> folks who can diagnose and fix this issue.
>
> https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=Libraries
>
> Thanks,
> --Richard
>
> On Tue, Feb 21, 2017 at 7:04 AM, Phil Raptor via dev-security-policy <[email protected]> wrote:
>
> > Hello Experts,
> > We have a server that supports TLS1.0/1.1/1.2 and restricts SSL. FF 52
> > beta's tls config is min=1 and max=4 by default. Upon trying to access our
> > server with FF 52, we are getting the below error -
> >
> > Secure Connection Failed
> >
> > The connection to xx.xx.xx.xx was interrupted while the page was loading.
> >
> > The page you are trying to view cannot be shown because the
> > authenticity of the received data could not be verified.
> > Please contact the website owners to inform them of this problem.
> >
> > Packet captures show Client Hello to be carrying SSL record layer instead
> > of TLS record layer. This happens if the max value is set as 3 or 4. For
> > other values, Client Hello is properly sent.
> > With FF 51.0.1, everything worked just fine.
> >
> > So, we would like to know-
> > Why is FF 52 sending SSL record layer when it is configured to send TLS
> > record layer?
> > As this is beta version, would you recommend using this version and the
> > final version will have a proper implementation?
> >
> > I have also raised a case in the common Mozilla forum and was advised to
> > touch base here -
> > https://support.mozilla.org/t5/Firefox/How-does-FF-determine-what-SSL-protocol-to-use-in-Client-Hello/m-p/1365371/highlight/false#M1034432
> >
> > Kindly advise!
> > _______________________________________________
> > dev-security-policy mailing list
> > [email protected]
> > https://lists.mozilla.org/listinfo/dev-security-policy

