Kai,
On 10/20/2014 16:47, Kai Engert wrote:
On Mon, 2014-10-20 at 16:45 -0700, Julien Pierre wrote:
What is the purpose of Firefox continuing to do any fallback at all ?
IMO, making a second connection with any lower version of SSL/TLS
defeats the intent of the SSL/TLS protocol, which have buil
On Tue, 21 Oct 2014 01:40:45 +0200
Kai Engert wrote:
> On Thu, 2014-10-16 at 20:51 +0200, Kai Engert wrote:
> > Do you claim that Firefox 34 will continue to fall back to SSL 3 when
> > necessary?
>
> Yes. If I understand correctly, it seems that Firefox indeed still falls
> back to SSL3, even w
On Mon, 2014-10-20 at 16:45 -0700, Julien Pierre wrote:
> What is the purpose of Firefox continuing to do any fallback at all ?
> IMO, making a second connection with any lower version of SSL/TLS
> defeats the intent of the SSL/TLS protocol, which have built-in defenses
> against protocol version
Kai,
What is the purpose of Firefox continuing to do any fallback at all ?
IMO, making a second connection with any lower version of SSL/TLS
defeats the intent of the SSL/TLS protocol, which have built-in defenses
against protocol version downgrade.
Isn't it time this fallback gets eliminated
Hubert,
On 10/20/2014 05:10, Hubert Kario wrote:
So I went over the https://wiki.mozilla.org/Security/Server_Side_TLS
article with a bit more attention to detail and I think we should
extend it in few places.
Especially if it is supposed to be also the general recommendation
for servers, not ju
On Thu, 2014-10-16 at 20:51 +0200, Kai Engert wrote:
> Do you claim that Firefox 34 will continue to fall back to SSL 3 when
> necessary?
Yes. If I understand correctly, it seems that Firefox indeed still falls
back to SSL3, even with SSL3 disabled.
I found
https://bugzilla.mozilla.org/show_bu
Hello,
I'm trying to use cmsutils from the NSS library to sign content with a
certificate from a smartcard. It works in Thunderbird/Icedove but I can't find
the command that will do the same action. If I try (the mail address has been
redacted):
$ cmsutil -S -i /tmp/txt -o /tmp/sign -d ~/.iced
Hello,
I'm trying to use cmsutils from the NSS library to sign content with a
certificate from a smartcard. It works in Thunderbird/Icedove but I can't find
the command that will do the same action. If I try (the mail address has been
redacted):
$ cmsutil -S -i /tmp/txt -o /tmp/sign -d ~/.iced
So I went over the https://wiki.mozilla.org/Security/Server_Side_TLS
article with a bit more attention to detail and I think we should
extend it in few places.
Especially if it is supposed to be also the general recommendation
for servers, not just for ones that are part of Mozilla network.
The i
9 matches
Mail list logo