Bug#592315: firefox/chromium fails with libnss3-1d from unstable
On Mon, Aug 09, 2010 at 10:27:20AM +0200, Mike Hommey wrote: > Long story short: the server is insecure (see the upstream bug below). > > A workaround for iceweasel is given here: > https://bugzilla.mozilla.org/show_bug.cgi?id=583337#c6 As I use chromium the workaround provided of setting ssl3.dhe to false isn't going to work. Probably modutils from NSS security tools but I didn't get much time for reading or playing with that. So, I thought I'd try the suggestion as given in this bug report in particular: --- I suggest that Mozilla ask portal-plumprod.cgc.enbridge.com to fix this server configuration problem. The simplest fix is probably to disable all DHE cipher suites. --- I wrote to Citylink "contact us" myself and thought that as I'm a really valued customer it might be worth a shot to let then know to improve their very weak security. Although I'm already thinking it's going to be a very long shot -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#592315: firefox/chromium fails with libnss3-1d from unstable
On Mon, Aug 09, 2010 at 05:50:43PM +1000, Chris Donoghue wrote: > Package: libnss3-1d > Version: 3.12.7-1 > Severity: normal > Tags: sid > > > This fails on chromium and firefox on certain https sites. > > e.g. going to https://www.citylink.com.au (...) > > Installing back version 3.12.6-3 makes things work again. Long story short: the server is insecure (see the upstream bug below). A workaround for iceweasel is given here: https://bugzilla.mozilla.org/show_bug.cgi?id=583337#c6 Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#592315: firefox/chromium fails with libnss3-1d from unstable
Package: libnss3-1d Version: 3.12.7-1 Severity: normal Tags: sid This fails on chromium and firefox on certain https sites. e.g. going to https://www.citylink.com.au gives error --- This webpage is not available. The webpage at https://www.citylink.com.au/ might be temporarily down or it may have moved permanently to a new web address. More information on this error Below is the original error message Error 2 (net::ERR_FAILED): Unknown error. --- The site also fails in iceweasel with error --- Secure Connection Failed An error occurred during a connection to www.citylink.com.au. SSL received a malformed Server Key Exchange handshake message. (Error code: ssl_error_rx_malformed_server_key_exch) * The page you are trying to view can not be shown because the authenticity of the received data could not be verified. * Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. --- Installing back version 3.12.6-3 makes things work again. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
