This was filed as:
For those following at home:
1. This is conformant behavior, though apparently it makes some servers sad.
2. I can't repro it in FF 52, so I'm going to need more detail to work on it
On Tue, Feb 21, 2017 at 8:10 AM, Richard Barnes via dev-security-policy <
> Hi Phil,
> Sorry to redirect again, but this mailing list probably isn't the right
> place either (it's mainly about certificates, not TLS). The best thing to
> do is probably to file a bug on this. That will get the attention of the
> folks who can diagnose and fix this issue.
> On Tue, Feb 21, 2017 at 7:04 AM, Phil Raptor via dev-security-policy <
> firstname.lastname@example.org> wrote:
> > Hello Experts,
> > We have a server that supports TLS1.0/1.1/1.2 and restricts SSL. FF 52
> > beta's tls config is min=1 and max=4 by default. Upon trying to access
> > server with FF 52, we are getting the below error -
> > Secure Connection Failed
> > The connection to xx.xx.xx.xx was interrupted while the page was loading.
> > The page you are trying to view cannot be shown because the
> > authenticity of the received data could not be verified.
> > Please contact the website owners to inform them of this problem.
> > Packet captures show Client Hello to be carrying SSL record layer instead
> > of TLS record layer. This happens if the max value is set as 3 or 4. For
> > other values, Client Hello is properly sent.
> > With FF 51.0.1, everything worked just fine.
> > So, we would like to know-
> > Why is FF 52 sending SSL record layer when it is configured to send TLS
> > record layer?
> > As this is beta version, would you recommend using this version and the
> > final version will have a proper implementation?
> > I have also raised a case in the common Mozilla forum and was advised to
> > touch base here - https://support.mozilla.org/t5/Firefox/How-does-FF-
> > determine-what-SSL-protocol-to-use-in-Client-Hello/m-p/
> > 1365371/highlight/false#M1034432
> > Kindly advise!
> > ___
> > dev-security-policy mailing list
> > email@example.com
> > https://lists.mozilla.org/listinfo/dev-security-policy
> dev-security-policy mailing list
dev-security-policy mailing list