SSL Add Exception no longer allowed for IBM CMM / IMM2

RESOLVED INCOMPLETE
(NeedInfo from)

Status

()

Core
Security: PSM
RESOLVED INCOMPLETE
3 years ago
2 years ago

People

(Reporter: Mica, Unassigned, NeedInfo)

Tracking

37 Branch
x86_64
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36

Steps to reproduce:

Attempt to access the https urls for new IBM Chassis Management Module, or Integrated Management Modules.  These use self signed certs generated by the hardware device.  The SSL is correctly flagged as not trusted. I then attempt to "Add an exception" 

- Problem not fixed by regenerationg devices SSL cert. 


Actual results:

In MozillaFirefox-37.0.1-23.1.x86_64.rpm we get the message that the CA isn't trusted however the "add Exception" button does not work with no additional Information.


Expected results:

The Security negotiation should have allowed the exception to be added and negotiated a connection not withstanding it's problems with the self signed cert. 

This behavior works when we downgrade to MozillaFirefox-36.0.4_37.0.1-18.1_23.1
(Reporter)

Comment 1

3 years ago
Technical details on the exception show  the same error in both cases

An error occurred during a connection to fs1-mgmt.macewan.ca.
Peer's Certificate issuer is not recognized.
(Error code: sec_error_unknown_issuer)
(Reporter)

Comment 2

3 years ago
Okay I just validated the behavior occurs in windows FF 37 as well ... Other apache based self signed certs do allow the exception to be added.  Is there an ssl validation log I can use to see a more specific answer as to what it is about these particular certificates that FF37 is objecting to?

Updated

3 years ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
Does it work in 38? This might have been fixed by bug 1123671.
Flags: needinfo?(micajc)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.