Subject:
Re: SM2.1 nightly SSL error renegotiation not allowed
From:
Mark Hansen <m...@nospamwinfirst.com>
Date:
Fri, 19 Feb 2010 08:18:00 -0800
To:
support-seamonkey@lists.mozilla.org
On 2/19/2010 6:57 AM, dominique wrote:
> dominique wrote, On 2/19/2010 10:28 AM:
>> Hello all,
>>
>> I use the SM2.1 nightlies at work and since a few days I get the
>> following error when login to my company portal:
>>
>> Secure Connection Failed
>> An error occurred during a connection to login.portal.<company>.com.
>> Renegotiation is not allowed on this SSL socket.
>> (Error code: ssl_error_renegotiation_not_allowed)
>>
>> As far as I know, nothing has changed there, nor in the certificates I
>> use (mine and the cert authority, which is in this case my company).
>>
>> When I use Firefox 3.6, I don't get the error, although I have the same
>> certificates setup.
>>
>> Any hint regarding the cause ? anything I can do to avoid this issue ?
>> Thanks for the help
>>
>> Dom,
>> (and yes, I must be brave at heart to use the nightlies for my work:-) )
>
> Mmm, I guess a little goolging never hurts:
> https://developer.mozilla.org/NSS_3.12.5_release_notes
>
> All SSL3/TLS renegotiation is disabled by default in NSS 3.12.5, which
> is used in bleeding-edge Mozilla stuff...
> Good to know...
>
> Is there a way to disable this feature for a domain, a destination ?
> temporarily ?
>
> I see there that " If an application depends on renegotiation feature,
> it can be enabled by setting the environment variable
> NSS_SSL_ENABLE_RENEGOTIATION to 1. By setting this environmental
> variable, the fix provided by these patches will have no effect and the
> application may become vulnerable to the issue."
>
> How can I set this environment variable ? is there a preference to set
> inabout:config ?
>
> thanks to all (and thanks to all the developers for Seamonkey !!)
> Dominique
Environment variables are set outside of SeaMonkey. How/where you set
them depends on your operating system. For example, if you're running
Windows/XP, one way is to right click on the My Computer desktop icon
and select Properties. Then click on the Advanced tab, then the
Environment Variables button.
On this page, you can set the Environment variable for the logged-in
user, or for all users (system variables). Note that if you set it
for the logged-in user, you may need to log out and back in for the
setting to take effect.
Best Regards,
My reply:
I posted a question several days ago about my SSL proxy function not working properly. I
use a proxy accelerator for my dialup connection. Even though I have the SSL set in the
Advanced section, I still get a proxy error when visiting secure sites. I have to set
SSL sites as "No proxy for:" in the proxy settings rendering them
non-accelerated.
Is there a WindowsXP environment variable that addresses general SSL
connections other than the SSL renegotiation variable mentioned above? And
where can I find a listing of WindowsXP environment variables so I am sure to
use the correct coding? Perhaps this is the solution to my problem until SM
comes out with an update that fixes this. I am downloading ver. 2.0.3 as we
speak and maybe this will offer some relief.
Any comments appreciated.
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
