Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2015-07-07 Thread David Keeler
Please file a new bug here: https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security%3A%20PSM
It would be helpful if you attached the certificate the device is sending. On 07/01/2015 08:15 AM, pavel.shlyon...@gmail.com wrote: > Hello guys. > > Just updated firmware in my Sonicwa

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2015-07-07 Thread pavel . shlyonsky
Hello guys. Just updated firmware in my Sonicwall TZ210W. Now unable to sign in to the management page. "Secure Connection Failed: The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of thi

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2015-03-03 Thread David Keeler
my.rutgers.edu only offers a single cipher suite (TLS_RSA_WITH_RC4_128_SHA) and is TLS 1.1/1.2 intolerant [0]. We essentially disabled RC4 and insecure fallback to TLS 1.0 by default, which is why you're unable to connect with recent (i.e. pre-release) versions of Firefox. I filed bug 1139065 [1] a

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2015-03-03 Thread 1992 . chandu
On Monday, April 7, 2014 at 6:33:50 PM UTC-4, Kathleen Wilson wrote: > All, > > We have been working on a new certificate verification library for > Gecko, and would greatly appreciate it if you will test this new library > and review the new code. > > Background > > NSS currently has two code

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-11-06 Thread Richard Barnes
> On Nov 5, 2014, at 3:43 PM, crodenb...@gmail.com wrote: > > On Thursday, October 16, 2014 3:04:59 PM UTC-5, treb...@gmail.com wrote: >> On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote: >>> All, >>> >>> >>> >>> We have been working on a new certificate verification library fo

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-11-06 Thread crodenberg
On Thursday, October 16, 2014 3:04:59 PM UTC-5, treb...@gmail.com wrote: > On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote: > > All, > > > > > > > > We have been working on a new certificate verification library for > > > > Gecko, and would greatly appreciate it if you will te

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-10-17 Thread Erwann Abalea
On Thursday, October 16, 2014 22:04:59 UTC+2, treb...@gmail.com wrote: [...] > YOU F**KTARDS.. SOMETIMES WE HAVE ABSOLUTELY ZERO F**KING CONTROL OVER THE > SSL CERT PRESENTED.. WE **know** IT SHOULD BE TRUSTED BECAUSE ITS AN INTERNAL > F**KING DEVICE, AND DON'T GIVE ONE FLYING F**K IF THE CERT IS

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-10-16 Thread treborg2
On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote: > All, > > > > We have been working on a new certificate verification library for > > Gecko, and would greatly appreciate it if you will test this new library > > and review the new code. > > > > Background > > > > NSS c

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-10-05 Thread Brian Smith
On Thu, Oct 2, 2014 at 9:03 AM, wrote: > Maybe there is something that can be done to help this situation? Maybe these > old "private" certificates need to be cleaned out on upgrade? Or maybe > something in the code that is going nuts trying to validate these "private" > certificates needs to b

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-10-05 Thread davpjdab
I am accessing pfSense router/s that have self-generated certificates so obviously they do not validate publicly. Prior to Firefox 31 I had the security warning and had clicked through to add the certificate for a number of these routers on our internal networks. The list of certificates in Fire

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-09-22 Thread mamace
On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote: > All, > > > > We have been working on a new certificate verification library for > > Gecko, and would greatly appreciate it if you will test this new library > > and review the new code. > > > > Background > > > > NSS c

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-15 Thread David Keeler
Hi Julien, Currently there is no way to override that behavior. We're working on improving the situation in bug 1009161. See also bug 1054368 regarding a way to view the certificate for non-overridable errors. If you can get in touch with whoever administers the internal certificates, I would enco

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-15 Thread Julien Pierre
Brian, I just ran into the Netscape Cert Type critical extension issue with an internal cert. Is there an override setting to allow this cert to still work in Firefox? IMO, the Firefox behavior is particularly bad, because Firefox won't even let you look at the cert details to see what the p

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-12 Thread Richard Barnes
On Aug 11, 2014, at 3:58 PM, br...@consultbruce.com wrote: > On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote: >> All, >> >> >> >> We have been working on a new certificate verification library for >> >> Gecko, and would greatly appreciate it if you will test this new library

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-12 Thread bruce
On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote: > All, > > > > We have been working on a new certificate verification library for > > Gecko, and would greatly appreciate it if you will test this new library > > and review the new code. > > > > Background > > > > NSS c

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-07 Thread Richard Barnes
On Aug 5, 2014, at 1:25 PM, Brian Smith wrote: > On Tue, Aug 5, 2014 at 9:51 AM, wrote: >> Since updating to 31, I have not been able to log into a self signed web >> page: >> >> Secure Connection Failed >> >> An error occurred during a connection to taiserver:444. Certificate key >> usage

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-05 Thread Brian Smith
On Tue, Aug 5, 2014 at 9:51 AM, wrote: > Since updating to 31, I have not been able to log into a self signed web page: > > Secure Connection Failed > > An error occurred during a connection to taiserver:444. Certificate key usage > inadequate for attempted operation. (Error code: > sec_error_i

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-05 Thread mjley59
Since updating to 31, I have not been able to log into a self signed web page: Secure Connection Failed An error occurred during a connection to taiserver:444. Certificate key usage inadequate for attempted operation. (Error code: sec_error_inadequate_key_usage) How do I get this corrected? Mi

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-04 Thread David Keeler
On 08/02/2014 08:39 AM, colinhogg...@gmail.com wrote: > Since the latest update 3 days ago I have been unable to log in to any of my > Netgear equipment using Firefox. I get the error: (Error code: > sec_error_extension_value_invalid. I can access my equipment using Explorer > so I can only a

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-04 Thread colinhoggett
On Monday, 7 April 2014 23:33:50 UTC+1, Kathleen Wilson wrote: > All, > > > > We have been working on a new certificate verification library for > > Gecko, and would greatly appreciate it if you will test this new library > > and review the new code. > > > > Background > > > > NSS cur

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-07-25 Thread David Keeler
Hi Jugal, For issues with mozilla::pkix, the following might be helpful: https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes If that doesn't resolve the issue, please file a bug here: https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security:%20PSM&short_

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-07-25 Thread jugal . saini
Team, after upgrading to Firefox 31, I am not able to request any https link through my firewall and am getting a certificate failure. I tried re-importing the firewall certificate, but in vain. Please suggest. On Tuesday, 8 April 2014 04:03:50 UTC+5:30, Kathleen Wilson wrote: > All, > > > > We have b

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-28 Thread Brian Smith
On Mon, Apr 28, 2014 at 4:45 PM, Erwann Abalea wrote: > The chain builder can test all possible issuers until it finds a valid one > (that's what OpenSSL does, for example). The AKI is only here to say > "pssst, this is most probably the certificate you should try first". > Right. We need to mea

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-28 Thread Brian Smith
On Mon, Apr 28, 2014 at 4:29 PM, Erwann Abalea wrote: > I know DER tools is only a decoder, and from > https://mxr.mozilla.org/mozilla-central/source/security/pkix/lib/pkixocsp.cpp#921 the > construction of the request makes heavy use of hex magic to build a > request. > Right. OCSP requests are

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-28 Thread Erwann Abalea
Hello Kyle, On Tuesday, April 29, 2014 01:10:19 UTC+2, Kyle Hamilton wrote: > On Fri, Apr 25, 2014 at 6:59 AM, Erwann Abalea wrote: > > On Friday, April 25, 2014 13:46:51 UTC+2, Martin Paljak wrote: > >> On Thu, Apr 24, 2014 at 9:07 PM, Kathleen Wilson > wrote: > >> > Also, we added a sectio

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-28 Thread Erwann Abalea
Hello, On Monday, April 28, 2014 18:11:30 UTC+2, David Keeler wrote: > On 04/26/2014 01:44 AM, Erwann Abalea wrote: > > > Took a quick look at the code, it looks like KU/EKU checks are ok, > > BasicConstraints checks are weirdly done, NameConstraints checks are hard > > to follow, CertificateP

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-28 Thread Kyle Hamilton
(quick correction to my prior email: the certificates issued by the intermediate are valid for up to 15 months in that example, and the key is retired when it cannot sign anything with a validity less than 12 months.) -Kyle H On Mon, Apr 28, 2014 at 4:10 PM, Kyle Hamilton wrote: On Fri, Apr 2

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-28 Thread Kyle Hamilton
On Fri, Apr 25, 2014 at 6:59 AM, Erwann Abalea wrote: > On Friday, April 25, 2014 13:46:51 UTC+2, Martin Paljak wrote: >> On Thu, Apr 24, 2014 at 9:07 PM, Kathleen Wilson wrote: >> > Also, we added a section to the wiki page to list some behavior changes that >> > could cause a website certifi

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-28 Thread David Keeler
On 04/26/2014 01:44 AM, Erwann Abalea wrote: > Took a quick look at the code, it looks like KU/EKU checks are ok, > BasicConstraints checks are weirdly done, NameConstraints checks are hard to > follow, CertificatePolicies checks are a joke. I now notice that I didn't see > date checks (I may have

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-26 Thread Erwann Abalea
On Friday, April 25, 2014 21:09:58 UTC+2, Martin Paljak wrote: > On Fri, Apr 25, 2014 at 4:59 PM, Erwann Abalea wrote: > > AKI is only a helper for certificate path building. > > It's mandatory for CAs to issue certificates with matching keyIdentifiers > > (issued.AKI.keyIdentifier = issuer.SK

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-25 Thread Martin Paljak
On Fri, Apr 25, 2014 at 4:59 PM, Erwann Abalea wrote: > AKI is only a helper for certificate path building. > It's mandatory for CAs to issue certificates with matching keyIdentifiers > (issued.AKI.keyIdentifier = issuer.SKI), but it's not mandatory for relying > parties to verify that the value

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-25 Thread Camilo Viecco
On 4/25/14, 9:18 AM, Zack Weinberg wrote: On 04/25/2014 09:59 AM, Erwann Abalea wrote: On Friday, April 25, 2014 13:46:51 UTC+2, Martin Paljak wrote: What is the rationale for this: 4. Mozilla::pkix performs chaining based on issuer name alo

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-25 Thread Zack Weinberg
On 04/25/2014 09:59 AM, Erwann Abalea wrote: > On Friday, April 25, 2014 13:46:51 UTC+2, Martin Paljak wrote: >> >> What is the rationale for this: >> >> 4. Mozilla::pkix performs chaining based on issuer name alone, >> and does not require that

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-25 Thread Erwann Abalea
On Friday, April 25, 2014 13:46:51 UTC+2, Martin Paljak wrote: > On Thu, Apr 24, 2014 at 9:07 PM, Kathleen Wilson wrote: > > Also, we added a section to the wiki page to list some behavior changes that > > could cause a website certificate to no longer validate with Firefox 31. > > https://wiki

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-25 Thread Martin Paljak
On Thu, Apr 24, 2014 at 9:07 PM, Kathleen Wilson wrote: > Also, we added a section to the wiki page to list some behavior changes that > could cause a website certificate to no longer validate with Firefox 31. > https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes What is

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-24 Thread Kathleen Wilson
On 4/7/14, 3:33 PM, Kathleen Wilson wrote:

All,

We have been working on a new certificate verification library for Gecko, and would greatly appreciate it if you will test this new library and review the new code.

A special Bug Bounty program has been announced regarding this: https://blog.moz

Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-07 Thread Kathleen Wilson
All,

We have been working on a new certificate verification library for Gecko, and would greatly appreciate it if you will test this new library and review the new code.

Background

NSS currently has two code paths for doing certificate verification. "Classic" verification has been used for