Closed Bug 171595 Opened 22 years ago Closed 22 years ago

Ciphers turned off in prefs panel still used in connections until restart

Categories

(Core :: Security: PSM, defect)

Other Branch
x86
Windows 2000
defect
Not set
normal

Tracking

VERIFIED INVALID

People

(Reporter: ralentz, Assigned: ssaux)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20020929
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20020929

Seems that when I use the preferences panel to turn off ciphers, Mozilla
still uses them in its negotiations/connections with SSL web sites until I
actually restart the browser.

Enabling ciphers seems to take effect right away, not requiring a restart.

(Separately, someone might want to glance at the SSL ciphers tracking bug,
157593, looks like work was active on several fronts and then got dropped,
especially the new UI to deal with the additional ciphers.  FWIW, I for one am
quite glad you specifically have the FIPS ciphers labeled, handy at work.)

Reproducible: Always

Steps to Reproduce:
0. Turn off all ciphers except for SSLv3 FIPS, Triple-DES, and DES 56-bit with
SHA-1 MAC
1. Visit https://app.firstusa.com:443/
2. Receive low-grade encryption warning (SSLv3 DES-CRC 56-bit)
3. Go into prefs, turn off that cipher.
4. Revisit url https://app.firstusa.com:443/
5. Still receive low-grade encryption warning and receive page.
6. Restart browser.
7. Revisit https://app.firstusa.com:443/
8. "Mozilla and remote site cannot communicate because they do not share any
encryption ciphers" (or whatever it exactly says).

Marking invalid. If you'll wait 30 seconds or more before trying to reach the
site a second time, keep-alive will time out and you cannot reach the site.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID

Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
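
A simplified model of the behaviour described in the closing comment, as an added example that is not Mozilla or NSS code: cipher preferences are consulted only at handshake time, so a kept-alive connection keeps its negotiated cipher until it idles out. The cipher names, host name, `Client` class and `flush` option are constructed for illustration; the 30-second timeout is the figure from the comment.

```python
# Added model, not Mozilla/NSS code: prefs are read only during a handshake.
KEEPALIVE_TIMEOUT = 30  # seconds, the figure quoted in the bug comment


class NoSharedCipher(Exception):
    """Handshake failed: client and server have no cipher in common."""


class Client:
    def __init__(self, enabled):
        self.enabled = set(enabled)   # cipher preferences (the prefs panel)
        self.pool = {}                # host -> (negotiated cipher, last-used time)

    def handshake(self, server_ciphers):
        for cipher in server_ciphers:  # the only place prefs are consulted
            if cipher in self.enabled:
                return cipher
        raise NoSharedCipher

    def request(self, host, server_ciphers, now):
        conn = self.pool.get(host)
        if conn and now - conn[1] < KEEPALIVE_TIMEOUT:
            cipher = conn[0]           # reuse: no new handshake, prefs not consulted
        else:
            self.pool.pop(host, None)  # idle too long: connection is gone
            cipher = self.handshake(server_ciphers)
        self.pool[host] = (cipher, now)
        return cipher

    def disable(self, cipher, flush=False):
        self.enabled.discard(cipher)
        if flush:
            # Hypothetical mitigation: drop pooled connections negotiated with
            # a cipher that is no longer enabled, so the change applies at once.
            self.pool = {h: c for h, c in self.pool.items() if c[0] in self.enabled}


def replay(flush):
    """Replay the report's steps against a constructed server offering only DES-56."""
    server = ["DES-56-SHA"]                        # constructed sample
    client = Client(["3DES-SHA", "DES-56-SHA"])    # constructed sample
    seen = [client.request("example.test", server, now=0)]
    client.disable("DES-56-SHA", flush=flush)
    for t in (10, 45):                             # inside, then past, the timeout
        try:
            seen.append(client.request("example.test", server, now=t))
        except NoSharedCipher:
            seen.append("no shared cipher")
    return seen
```

`replay(False)` reproduces the sequence in the report; `replay(True)` shows the disabled cipher being refused on the very next request once stale connections are evicted.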