Closed Bug 545339 Opened 14 years ago Closed 14 years ago

SSO problem & Security Card ...

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: erick.fauquette, Unassigned)

Details

(Keywords: regression)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a2pre) Gecko/20100209 Minefield/3.7a2pre (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a2pre) Gecko/20100209 Minefield/3.7a2pre (.NET CLR 3.5.30729)

Since this release, connecting using a certificate doesn't work any more:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a2pre) Gecko/20100208 Minefield/3.7a2pre (.NET CLR 3.5.30729)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a2pre) Gecko/20100209 Minefield/3.7a2pre (.NET CLR 3.5.30729)


and generates this message:

Secure Connection Failed   
An error occurred during a connection to websso.corp.thales.
Renegotiation is not allowed on this SSL socket.
(Error code: ssl_error_renegotiation_not_allowed)
The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
  Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.


Reproducible: Always

Actual Results:  
Generates this message:

Secure Connection Failed   
An error occurred during a connection to websso.corp.thales.
Renegotiation is not allowed on this SSL socket.
(Error code: ssl_error_renegotiation_not_allowed)
The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
  Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
and blocks the browser for all connections through a proxy

Expected Results:  
Functioning as in previous releases ...

Still working normally with the latest release of Firefox (3.5.5)

No possibility to give you an example, because links are from Thales Intranet to Internet ...
Blocks: 535649
Keywords: regression
Erick, you probably have not yet heard about security issue CVE-2009-3555.

The behavior you get is expected. Could you please read this wiki page?
https://wiki.mozilla.org/Security:Renegotiation

If you really need your vulnerable configuration to work, the wiki page describes a preference you can set.

I'm resolving this as invalid, but please let us know what you think after you've read the wiki page.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
Setting security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref to true allows functioning as before, even if it's not safe ....
Leaving security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref set to false and setting security.ssl.renego_unrestricted_hosts to peopleonline.corp.thales,websso.corp.thales (web site and websso server) allows normal functioning.


Thanks for the help.
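
An added example, not part of the bug thread or of Mozilla's code: a small audit that reads the text of a profile's prefs.js and reports which of the two overrides named in the comments above is active. The function names and sample contents are constructed; it assumes the usual `user_pref("name", value);` line format and a comma-separated host list as written in the comment.

```python
import re

# Pref names exactly as given in the comments above.
GLOBAL_PREF = "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref"
HOSTS_PREF = "security.ssl.renego_unrestricted_hosts"
# One prefs.js / user.js line (assumed format): user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for user_pref lines; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything else
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = raw  # integers etc., kept as text
    return prefs


def audit_renegotiation(text):
    """Report how a profile relaxes the renegotiation restriction."""
    prefs = parse_prefs(text)
    everywhere = prefs.get(GLOBAL_PREF) is True
    raw_hosts = str(prefs.get(HOSTS_PREF, ""))
    hosts = [h.strip().lower() for h in raw_hosts.split(",") if h.strip()]
    if everywhere:
        verdict = "unrestricted-everywhere"  # the global override is on
    elif hosts:
        verdict = "unrestricted-for-listed-hosts"  # scoped exception only
    else:
        verdict = "default"
    return {"verdict": verdict, "hosts": hosts}


# Constructed sample matching the second configuration described above.
SAMPLE = '''
// constructed sample prefs.js
user_pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
user_pref("security.ssl.renego_unrestricted_hosts", "peopleonline.corp.thales,websso.corp.thales");
'''

if __name__ == "__main__":
    print(audit_renegotiation(SAMPLE))
```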