Bug 656408: aus.mozilla.org does not support TLS secure renegotiation extension (RFC5746)
Status: RESOLVED DUPLICATE of bug 555952
Opened 14 years ago, closed 13 years ago
Categories: Security Assurance :: General, task
Tracking: Not tracked
People: Reporter: briansmith, Unassigned
Attachments: 1 file (23.38 KB, application/xml)
+++ This bug was initially created as a clone of Bug #623155 +++
See https://aus.mozilla.org/update/firefox/en-US.rdf, the current contents of which are attached. When accessing this resource, there is an XML parsing error. The site identity block is grey, with no favicon, and Larry says "This website does not supply identity information" and "Your connection to this website is only partially encrypted, and does not prevent eavesdropping."
Comment 1•14 years ago (Reporter)
The site identity block is working correctly. I have security.ssl.treat_unsafe_negotiation_as_broken=true, and aus.mozilla.org does not have the TLS secure renegotiation extension enabled.
Assignee: nobody → infrasec
Group: core-security
Component: Security: UI → Infrastructure Security: Server Security
OS: Linux → All
Product: Core → mozilla.org
QA Contact: ui → clyon
Hardware: x86 → All
Summary: XML parsing error for document over HTTPS causes identity block to incorrectly indicate mixed content and untrusted publisher → aus.mozilla.org does not support TLS secure renegotiation extension (RFC5746)
Version: Trunk → other
Comment 2•14 years ago
Is this an issue? aus3.m.o is what fx4 uses and aus2 is what fx3 uses. Not sure if there are any clients we have which have support for rfc5746 that actually use aus.m.o.
Granted, looking at aus3, looks like there are other issues besides rfc5746.
Comment 3•14 years ago (Reporter)
Chris, I don't think it is a high priority. I just morphed the bug from what I originally reported to make the real cause clear.
Comment 4•14 years ago
This was cloned from a bug that was nominated tracking-firefox5, but it's filed in a component that doesn't make the flag visible for us to unset. I'm gonna tag the whiteboard saying as much, since I don't think firefox5 drivers should be triaging this
Whiteboard: [ignore in tracking-firefox5 triage, flag fu]
Updated•14 years ago
Component: Infrastructure Security: Server Security → General
Product: mozilla.org → Firefox
Version: other → unspecified
Updated•14 years ago
tracking-firefox5: ? → ---
Whiteboard: [ignore in tracking-firefox5 triage, flag fu]
Updated•14 years ago
Component: General → Infrastructure Security: Server Security
Product: Firefox → mozilla.org
Version: unspecified → other
Updated•14 years ago
QA Contact: chris → mcoates
Comment 5•14 years ago
No action for >5 months -- is this on the radar to be fixed anytime soon?
From the wiki page about this error message[1], it sounds like (as of > 1.5 years ago) we're encouraging the rest of the web to upgrade their servers to address this, so it's a little embarrassing that we ourselves have high-value servers that still aren't upgraded.
[1] https://wiki.mozilla.org/Security:Renegotiation
Comment 7•14 years ago
Copying in Corey and Shyam, do we have an upgrade we can apply here?
Comment 8•14 years ago
(In reply to Michael Coates [:mcoates] from comment #6)
> Per comment 2 it's unclear if this site is even in use.
It apparently is in use for some people, per this post on mozilla.dev.apps.firefox:
http://groups.google.com/group/mozilla.dev.apps.firefox/msg/c4effa5522a239da
Comment 9•13 years ago
aus.m.o was superseded by aus2.m.o and then aus3.m.o, but Firefox still reports the message in the Error Console for aus3.m.o, which all versions older than about Fx2 are currently using. Luckily Brian is looking into this over in bug 555952.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Updated•10 years ago
Component: Operations Security (OpSec): General → General
Product: mozilla.org → Enterprise Information Security