On 8/10/12 6:29 AM, [email protected] wrote: > FWIW the results on Nightly here are as follows: > > https://blog.getfirebug.com/2012/07/13/firebug-1-10-0/ no > warning, but no padlock for HTTPS is shown.
That's "normal" -- the site includes a few images from http://getfirebug.com/ and the padlock goes away in "mixed" mode. It's not what Gus was seeing: for some reason the server is giving him the wrong certificate entirely. Too bad Gus is running the latest Firefox and Aurora. Much, much older versions of Firefox didn't have a feature to support multiple SSL servers hosted at the same IP address and that could have perfectly explained the certs he was getting (for blog.getfirebug.com at least). I'm not sure how far you'd have to go back to hit such a version; pretty far, a quick check shows Firefox 3.6 supports SNI. It doesn't seem like the kind of thing we'd have a preference to disable. -Dan _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
