Closed
Bug 171595
Opened 22 years ago
Closed 22 years ago
Ciphers turned off in prefs panel still used in connections until restart
Categories
(Core :: Security: PSM, defect)
Tracking
()
VERIFIED
INVALID
People
(Reporter: ralentz, Assigned: ssaux)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20020929 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20020929 Seems that when I use the preferences panel to turn off ciphers, that Mozilla still uses them in its negotiations/connections with SSL web sites until I actually restart the browser. Enabling ciphers seems to take effect right away, not requiring a restart. (Separately, someone might want to glance at the SSL ciphers tracking bug, 157593, looks like work was active on several fronts and then got dropped, especially the new UI to deal with the additional ciphers. FWIW, I for one am quite glad you specifically have the FIPS ciphers labeled, handy at work.) Reproducible: Always Steps to Reproduce: 0. Turn off all ciphers except for SSLv3 FIPS, Triple-DES, and DES 56-bit with SHA-1 MAC 1. Visit https://app.firstusa.com:443/ 2. Receive low-grade encryption warning (SSLv3 DES-CRC 56-bit) 3. Go into prefs, turn off that cipher. 4. Revisit url https://app.firstusa.com:443/ 5. Still receive low-grade encryption warning and receive page. 6. Restart browser. 7. Revisit https://app.firstusa.com:443/ 8. "Mozilla and remote site cannot communicate because they do not share any encryption ciphers" (or whatever it exactly says).
Comment 1•22 years ago
|
||
Marking invalid. If you'll wait 30 seconds or more before trying to reach the site a second time, keep-alive will time out and you cannot reach the site.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•