Closed
Bug 545206
Opened 14 years ago
Closed 9 years ago
Minefield gets SSL renegotiation errors with Skandiabanken bank
Categories
(Core :: Security: PSM, defect)
RESOLVED
WORKSFORME
People
(Reporter: limi, Unassigned)
How to reproduce:

1. Go to http://www.skandiabanken.no
2. Click "Logg inn" (left side)
3. Click the big lock icon to indicate that you want to log in
4. Get Firefox error page:

Secure Connection Failed
An error occurred during a connection to cert.skandiabanken.no.
Renegotiation is not allowed on this SSL socket.
(Error code: ssl_error_renegotiation_not_allowed)

For the record, it works fine with Firefox 3.6.

There are some errors in the console:

secure.skandiabanken.no : potentially vulnerable to CVE-2009-3555

…but that's supposed to be unrelated, and not block access to the site, just warn.
Comment 1•14 years ago
Ah - yes, it took me a minute, but this, too, is deliberate. See Kai's wiki page for details: https://wiki.mozilla.org/Security:Renegotiation

Basically, with NSS 3.12.6, we:
- Warn in the error console for every vulnerable server (hence the latter part of your report)
- Refuse actual renegotiation requests from vulnerable servers (hence your proximate complaint).

The wiki page also talks about the temporary and permanent prefs at your disposal for changing this behaviour, but if your bank actually does need TLS renegotiation, they're gonna want to fix their servers -- we won't be the only browser doing this in the medium term.
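Whether a server counts as "vulnerable" in the sense of Comment 1 comes down to whether its ServerHello carries the RFC 5746 renegotiation_info extension. The following is an added example, not part of the original thread and not NSS or Firefox code: it parses a ServerHello body for that extension and models the warn/refuse policy described above. The function names, the outcome strings other than the error code quoted in the report, and the sample bytes are constructed for illustration.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746

def server_hello_extensions(body: bytes) -> dict:
    """Return {type: data} for a TLS 1.0-1.2 ServerHello body (handshake header stripped)."""
    try:
        pos = 34                          # skip server_version (2) + random (32)
        pos += 1 + body[pos]              # session_id length byte + session_id
        pos += 3                          # cipher_suite (2) + compression_method (1)
        if pos > len(body):
            raise ValueError("truncated ServerHello")
        if pos == len(body):              # no extensions block: typical of unpatched servers
            return {}
        (total,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if pos + total != len(body):
            raise ValueError("extensions length does not match message length")
        exts = {}
        while pos < len(body):
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if pos + ext_len > len(body):
                raise ValueError("extension overruns message")
            exts[ext_type] = body[pos:pos + ext_len]
            pos += ext_len
        return exts
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ServerHello") from exc

def evaluate(initial_hello: bytes, server_requests_renegotiation: bool):
    """Model of the policy in Comment 1. Returns (warn_in_console, outcome)."""
    info = server_hello_extensions(initial_hello).get(RENEGOTIATION_INFO)
    if info is None:                      # no RFC 5746 support: always warn,
        refused = server_requests_renegotiation   # and refuse if it tries to renegotiate
        return True, ("ssl_error_renegotiation_not_allowed" if refused else "ok")
    if info != b"\x00":                   # RFC 5746: must be empty on the initial handshake
        return False, "handshake_failure"
    return False, "ok"

def build_server_hello(extensions: bytes) -> bytes:
    """Constructed sample: TLS 1.0, zeroed random, empty session id, suite 0x002f."""
    core = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    return core + (struct.pack("!H", len(extensions)) + extensions if extensions else b"")

LEGACY_HELLO = build_server_hello(b"")                       # no renegotiation_info
PATCHED_HELLO = build_server_hello(b"\xff\x01\x00\x01\x00")  # empty renegotiation_info
```
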
Comment 2•14 years ago (Reporter)
I'll contact the bank and let them know. Thanks!
Comment 3•14 years ago
Microsoft is also struggling with the issue ... http://arstechnica.com/microsoft/news/2010/02/microsoft-warns-of-tslssl-flaw-in-windows.ars
Comment 4•14 years ago
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.3a2pre) Gecko/20100216 Minefield/3.7a2pre

Same issue with skandiabanken.se.
Comment 5•14 years ago
Same with startssl.com
Comment 7•13 years ago
Works for me.

Mozilla/5.0 (X11; Linux x86_64; rv:2.0) Gecko/20100101 Firefox/4.0

Same with skandiabanken.se.
Comment 9•9 years ago
No longer a problem, right?
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME