On 10/03/14 11:53 AM, Daniel Kahn Gillmor wrote: > Hi Austin-- > > On 03/08/2014 07:25 PM, Austin English wrote: > >> I'm not sure if this is a bug or intended behavior, so sending an email >> here. I've got a .p12 certificate imported into Firefox for employer >> related sites. In Firefox 27 on Fedora 64, the first time I browse to a >> site on bbc.co.uk, I receive a dialog asking to use my employer's cert on >> bbc.co.uk. (This cert, of course, has no effect on that site). Clicking >> either ok or cancel will dismiss the dialog, then load the non-https page. > > can you supply the full URL that you're seeing this behavior on, and > what IP address is being used for the bbc server (if possible)? i'm > trying to replicate this, and not seeing it. > > The TLS X.509 client certificate credential popup dialog box you're > seeing is usually caused by the server sending a TLS CertificateRequest > message. > > My tests have connected to bbc.co.uk on TCP port 443 of 212.58.246.104 > (from an IP address in the USA), and i don't see any TLS > CertificateRequest message coming from that server when i examine the > traffic in wireshark. > >> So, is this a bug or feature? Can HTTPS-Everywhere do anything in this case? >> >> Note: I've disabled the ruleset on my machine as a workaround, but I >> suspect users that have personal certificates in their browser is a >> relatively low proportion, so I wanted to make sure this is a known issue. > > I'd be happy to help diagnose the situation if you can help me reproduce > the problem. > > Regards, > > --dkg > > > > _______________________________________________ > HTTPS-Everywhere mailing list > [email protected] > https://lists.eff.org/mailman/listinfo/https-everywhere >
It's not on bbc.co.uk per se; it's on another site whose resources are requested by the main site. I *think* it's related to video content, but not sure.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
