Closed
Bug 545339
Opened 14 years ago
Closed 14 years ago
SSO problem & Security Card ...
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: erick.fauquette, Unassigned)
References
Details
(Keywords: regression)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a2pre) Gecko/20100209 Minefield/3.7a2pre (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a2pre) Gecko/20100209 Minefield/3.7a2pre (.NET CLR 3.5.30729) Since this release connecting using certificate doesn't work any more : Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a2pre) Gecko/20100208 Minefield/3.7a2pre (.NET CLR 3.5.30729) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a2pre) Gecko/20100209 Minefield/3.7a2pre (.NET CLR 3.5.30729) and generate this message: Secure Connection Failed An error occurred during a connection to websso.corp.thales. Renegotiation is not allowed on this SSL socket. (Error code: ssl_error_renegotiation_not_allowed) The page you are trying to view can not be shown because the authenticity of the received data could not be verified. Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. Reproducible: Always Actual Results: generate this message: Secure Connection Failed An error occurred during a connection to websso.corp.thales. Renegotiation is not allowed on this SSL socket. (Error code: ssl_error_renegotiation_not_allowed) The page you are trying to view can not be shown because the authenticity of the received data could not be verified. Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. and block the browser for all connection through a proxy Expected Results: Functionning as previous releases ... Still working normally with latest release of Firefoxe (3.5.5) No possibility to give you an example, because links are from Thales Intranet to Internet ...
Updated•14 years ago
|
Blocks: 535649
Keywords: regression
Comment 1•14 years ago
|
||
Erick, you probably have not yet heard about security issue CVE-2009-3555 The behavior you get is expected Could you please read this wiki page? https://wiki.mozilla.org/Security:Renegotiation If you really need your vulnerable configuration to work, the wiki page describes a preference you can set. I'm resolving this as invalid, but please let us know what you think after you've read the wiki page.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 2•14 years ago
|
||
Setting to true security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref allows functionning as before. Even if it's not safe ....
Reporter | ||
Comment 3•14 years ago
|
||
Leaving to false security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref and setting security.ssl.renego_unrestricted_hosts with peopleonline.corp.thales,websso.corp.thales (web site and websso server) allows normal functioning. Thanks for the help.
You need to log in
before you can comment on or make changes to this bug.
Description
•