Hello Zach,
I agree to James. Maybee the 45.2.0 firefoxes had luckily downloaded the
needed intermidiate at the time you tried to open your web page.
Do you know which CA is missing?
Than you could check if this CA is "Builtin Object Token" or a
downloaded "Software Security Module" (not sure about the correct
english name) in 45.2.0.
>Nothing jumps out at me from the main or security release notes as to
>why there should be any difference.
The CAs included in firefox (or more specific in the NSS) are changing
in nearly every release.
But, they are not stated in the normal release notes.
You can track the changes here:
https://wiki.mozilla.org/NSS:Release_Versions
Best regards
Sebastian Metzger
--
Sebastian Metzger
Debeka Krankenversicherungsverein a. G.
Debeka Lebensversicherungsverein a. G.
Debeka Allgemeine Versicherung AG
Debeka Pensionskasse AG
Debeka Bausparkasse AG
Abteilung Benutzer- und Endgerätedienste (IS/BE)
56058 Koblenz
Telefon: (02 61) 4 98 - 31 05
Telefax: (02 61) 4 98 - 20 99
E-Mail: sebastian.metz...@debeka.de
Internet: www.debeka.de
Besuchen Sie uns auch in sozialen Netzwerken.
Unsere Adressen finden Sie hier: www.debeka.de/socialmedia
Pflichtangaben der Debeka-Unternehmen
gemäß § 35a GmbHG / § 80 AktG: www.debeka.de/pflichtangaben
Am 29.06.2016 um 04:39 schrieb James Andrewartha:
On 29/06/16 05:43, Schuetz, Zach wrote:
One of our web applications is reachable from most browsers, including
current ESR 45.2.0. However, 45.1.0 (currently deployed in a few places)
gives an SSL error, saying the security chain is incomplete. Nothing
jumps out at me from the main or security release notes as to why there
should be any difference.
Now, the obvious answer is to tweak the security (already working with
our server team) and update Firefox everywhere, but why did this happen
in the first place, and is there any way for me to know if it’s likely
to happen again?
I believe that Firefox will cache intermediate certificates, so if you
visit a correctly-configured HTTPS site that uses the same chain, visits
to a incorrectly-configured site will work.
https://bugzilla.mozilla.org/show_bug.cgi?id=733232
https://bugzilla.mozilla.org/show_bug.cgi?id=629558
https://bugzilla.mozilla.org/show_bug.cgi?id=399324
http://superuser.com/questions/351516/do-intermediate-certificates-get-cached-in-firefox
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise
To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise
or send an email to enterprise-requ...@mozilla.org with a subject of
"unsubscribe"