Please file a new bug here:
https://bugzilla.mozilla.org/enter_bug.cgi?product=Corecomponent=Security%3A%20PSM
It would be helpful if you attached the certificate the device is sending.
On 07/01/2015 08:15 AM, pavel.shlyon...@gmail.com wrote:
Hello guys.
Just updated firmware in my Sonicwall
Hello guys.
Just updated firmware in my Sonicwall TZ210W
Now unable to sign in to management page.
Secure Connection Failed
The page you are trying to view cannot be shown because the authenticity of the
received data could not be verified.
Please contact the website owners to inform them of
On Monday, April 7, 2014 at 6:33:50 PM UTC-4, Kathleen Wilson wrote:
All,
We have been working on a new certificate verification library for
Gecko, and would greatly appreciate it if you will test this new library
and review the new code.
Background
NSS currently has two code paths
my.rutgers.edu only offers a single cipher suite
(TLS_RSA_WITH_RC4_128_SHA) and is TLS 1.1/1.2 intolerant [0]. We
essentially disabled RC4 and insecure fallback to TLS 1.0 by default,
which is why you're unable to connect with recent (i.e. pre-release)
versions of Firefox.
I filed bug 1139065 [1]
On Thursday, October 16, 2014 3:04:59 PM UTC-5, treb...@gmail.com wrote:
On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote:
All,
We have been working on a new certificate verification library for
Gecko, and would greatly appreciate it if you will test this new
On Nov 5, 2014, at 3:43 PM, crodenb...@gmail.com wrote:
On Thursday, October 16, 2014 3:04:59 PM UTC-5, treb...@gmail.com wrote:
On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote:
All,
We have been working on a new certificate verification library for
Gecko, and
Le jeudi 16 octobre 2014 22:04:59 UTC+2, treb...@gmail.com a écrit :
[...]
YOU F**KTARDS.. SOMETIMES WE HAVE ABSOLUTELY ZERO F**KING CONTROL OVER THE
SSL CERT PRESENTED.. WE **know** IT SHOULD BE TRUSTED BECAUSE ITS AN INTERNAL
F**KING DEVICE, AND DON'T GIVE ONE FLYING F**K IF THE CERT IS
On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote:
All,
We have been working on a new certificate verification library for
Gecko, and would greatly appreciate it if you will test this new library
and review the new code.
Background
NSS currently has two
I am accessing pfSense router/s that have self-generated certificates so
obviously they do not validate publicly. Prior to Firefox 31 I had the security
warning and had clicked through to add the certificate for a number of these
routers on our internal networks.
The list of certificates in
I am accessing pfSense router/s that have self-generated certificates so
obviously they do not validate publicly. Prior to Firefox 31 I had the security
warning and had clicked through to add the certificate for a number of these
routers on our internal networks.
The list of certificates in
On Thu, Oct 2, 2014 at 9:03 AM, davpj...@ozemail.com.au wrote:
Maybe there is something that can be done to hep this situation? Maybe these
old private certificates need to be cleaned out on upgrade? Or maybe
something in the code that is going nuts trying to validate these private
On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote:
All,
We have been working on a new certificate verification library for
Gecko, and would greatly appreciate it if you will test this new library
and review the new code.
Background
NSS currently has two
Brian,
I just ran into the Netscape Cert Type critical extension issue with an
internal cert.
Is there an override setting to allow this cert to work in Firefox still ?
IMO, the Firefox behavior is particularly bad, because Firefox won't
even let you look at the cert details to see what the
Hi Julien,
Currently there is no way to override that behavior. We're working on
improving the situation in bug 1009161.
See also bug 1054368 regarding a way to view the certificate for
non-overridable errors.
If you can get in touch with whoever administers the internal
certificates, I would
On Monday, April 7, 2014 6:33:50 PM UTC-4, Kathleen Wilson wrote:
All,
We have been working on a new certificate verification library for
Gecko, and would greatly appreciate it if you will test this new library
and review the new code.
Background
NSS currently has two
On Aug 5, 2014, at 1:25 PM, Brian Smith br...@briansmith.org wrote:
On Tue, Aug 5, 2014 at 9:51 AM, mjle...@gmail.com wrote:
Since updating to 31, I have not been able to log into a self signed web
page:
Secure Connection Failed
An error occurred during a connection to taiserver:444.
Since updating to 31, I have not been able to log into a self signed web page:
Secure Connection Failed
An error occurred during a connection to taiserver:444. Certificate key usage
inadequate for attempted operation. (Error code: sec_error_inadequate_key_usage)
How do I get this corrected?
On Tue, Aug 5, 2014 at 9:51 AM, mjle...@gmail.com wrote:
Since updating to 31, I have not been able to log into a self signed web page:
Secure Connection Failed
An error occurred during a connection to taiserver:444. Certificate key usage
inadequate for attempted operation. (Error code:
On 08/02/2014 08:39 AM, colinhogg...@gmail.com wrote:
Since the latest update 3 days ago I have been unable to log in to any of my
Netgear equipment using Firefox. I get the error: (Error code:
sec_error_extension_value_invalid. I can access my equipment using Explorer
so I can only
Team
After upgrade to Firefox 31, I am not able to request any https link through my
firewall and getting certificate failure. I tried re-import of firewall
certificate but in vein.
Please suggest.
On Tuesday, 8 April 2014 04:03:50 UTC+5:30, Kathleen Wilson wrote:
All,
We have been
Hi Jugal,
For issues with mozilla::pkix, the following might be helpful:
https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes
If that doesn't resolve the issue, please file a bug here:
On 04/26/2014 01:44 AM, Erwann Abalea wrote:
Took a quick look at the code, it looks like KU/EKU checks is ok,
BasicConstraints checks are weirdly done, NameConstraints checks are hard to
follow, CertificatePolicies checks is a joke. I now notice that I didn't see
date checks (I may have
On Fri, Apr 25, 2014 at 6:59 AM, Erwann Abalea eaba...@gmail.com wrote:
Le vendredi 25 avril 2014 13:46:51 UTC+2, Martin Paljak a écrit :
On Thu, Apr 24, 2014 at 9:07 PM, Kathleen Wilson kwil...@mozilla.com
wrote:
Also, we added a section to the wiki page to list some behavior
changes that
On Mon, Apr 28, 2014 at 4:45 PM, Erwann Abalea eaba...@gmail.com wrote:
The chain builder can test all possible issuers until it finds a valid one
(that's what OpenSSL does, for example). The AKI is only here to say
pssst, this is most probably the certificate you should try first.
Right. We
Le vendredi 25 avril 2014 21:09:58 UTC+2, Martin Paljak a écrit :
On Fri, Apr 25, 2014 at 4:59 PM, Erwann Abalea eaba...@gmail.com wrote:
AKI is only a helper for certificate path building.
It's mandatory for CAs to issue certificates with matching keyIdentifiers
(issued.AKI.keyIdentifier
On Thu, Apr 24, 2014 at 9:07 PM, Kathleen Wilson kwil...@mozilla.com wrote:
Also, we added a section to the wiki page to list some behavior changes that
could cause a website certificate to no longer validate with Firefox 31.
Le vendredi 25 avril 2014 13:46:51 UTC+2, Martin Paljak a écrit :
On Thu, Apr 24, 2014 at 9:07 PM, Kathleen Wilson kwil...@mozilla.com wrote:
Also, we added a section to the wiki page to list some behavior changes that
could cause a website certificate to no longer validate with Firefox 31.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 04/25/2014 09:59 AM, Erwann Abalea wrote:
Le vendredi 25 avril 2014 13:46:51 UTC+2, Martin Paljak a écrit :
What is the rationale for this:
4. Mozilla::pkix performs chaining based on issuer name alone,
and does not require that issuer's
On 4/25/14, 9:18 AM, Zack Weinberg wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 04/25/2014 09:59 AM, Erwann Abalea wrote:
Le vendredi 25 avril 2014 13:46:51 UTC+2, Martin Paljak a écrit :
What is the rationale for this:
4. Mozilla::pkix performs chaining based on issuer name
On Fri, Apr 25, 2014 at 4:59 PM, Erwann Abalea eaba...@gmail.com wrote:
AKI is only a helper for certificate path building.
It's mandatory for CAs to issue certificates with matching keyIdentifiers
(issued.AKI.keyIdentifier = issuer.SKI), but it's not mandatory for relying
parties to verify
On 4/7/14, 3:33 PM, Kathleen Wilson wrote:
All,
We have been working on a new certificate verification library for
Gecko, and would greatly appreciate it if you will test this new library
and review the new code.
A special Bug Bounty program has been announced regarding this:
31 matches
Mail list logo