Closed Bug 57278 Opened 24 years ago Closed 24 years ago

40 bit certificate sites unusable ?

Categories

(Core :: Security: PSM, defect, P3)

Other Branch
x86
Linux
defect

Tracking

()

VERIFIED INVALID

People

(Reporter: edavid, Assigned: ddrinan0264)

References

()

Details

I'm unable to connect to above mentinned site. I get
1) the page I was on before trying to get there
2) a barred closed lock in right bottom corner
3) in the xterm from which I launched mozilla, the following message :
Error loading URL https://www.live.bprop.banquepopulaire.fr/servlet/ident?a=i:
80004005

I wonder wether the use of a 40 bit encryption by this server could the source
of the problem.
I tried other https sites, all with 128bit encryption were Ok, all with 40bit
encryption did not work.
This site may not implement SSL correctly.  When you turn off TLS in N6, it works.

junruh and nitinp: can you test this hypothesis with those TLS tools?

Assignee: lord → ddrinan
www.live.bprop.banquepopulaire.fr is a TLS intolerant server that violates the 
SSL3/TLS "version roll back" rule. The workaround for Netscape 6 is to open the 
Security Manager, click on Advanced, Options, and disable TLS.
Status: UNCONFIRMED → RESOLVED
Closed: 24 years ago
Resolution: --- → INVALID
ccing people
Verified invalid.
Status: RESOLVED → VERIFIED
Product: PSM → Core
You need to log in before you can comment on or make changes to this bug.