On 29/06/16 05:43, Schuetz, Zach wrote: > One of our web applications is reachable from most browsers, including > current ESR 45.2.0. However, 45.1.0 (currently deployed in a few places) > gives an SSL error, saying the security chain is incomplete. Nothing > jumps out at me from the main or security release notes as to why there > should be any difference. > > Now, the obvious answer is to tweak the security (already working with > our server team) and update Firefox everywhere, but why did this happen > in the first place, and is there any way for me to know if it’s likely > to happen again?
I believe that Firefox will cache intermediate certificates, so if you visit a correctly-configured HTTPS site that uses the same chain, visits to a incorrectly-configured site will work. https://bugzilla.mozilla.org/show_bug.cgi?id=733232 https://bugzilla.mozilla.org/show_bug.cgi?id=629558 https://bugzilla.mozilla.org/show_bug.cgi?id=399324 http://superuser.com/questions/351516/do-intermediate-certificates-get-cached-in-firefox -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 _______________________________________________ Enterprise mailing list Enterprise@mozilla.org https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to enterprise-requ...@mozilla.org with a subject of "unsubscribe"