Closed
Bug 669124
Opened 13 years ago
Closed 8 years ago
Domain Mismatch Exception for more than 1 pairing
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 528922
People
(Reporter: samuel.wang, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Build ID: 20110429093851 Steps to reproduce: Configured TB to send and retrieve emails via Outlook Web Access (OWA). Emails are sent through port 25, with STARTTLS as Connection Security and using normal passwords for authentication. OWA runs on a load balancer (i.e. >= 2 exchange servers) Actual results: Security Error keeps popping up even though I click on "Confirm Security Exception". Further investigations seems to show that the Domain Mismatch is only applicable to 1 pairing (e.g webmail.me.apac.com - hub1.me.apac.com). If the certificate is served from another Exchange server (e.g. hub2.me.apac.com), the security Error window will popup again. Upon clicking on "Confirm Security Exception", the pairing will switch over to the new Exchange server, resulting in another Security Exception error when the certificate is served by the other Exchange server Expected results: Allowance for more than one domain mismatch pairing, so that more than 1 Exchange servers could use supply certificates for OWA access without security errors.
Comment 1•13 years ago
|
||
Is your certificate having wildcards or are these ssl certs machine specific ?
Reporter | ||
Comment 2•13 years ago
|
||
(In reply to comment #1) > Is your certificate having wildcards or are these ssl certs machine specific > ? The certificates are machine specific
Comment 3•13 years ago
|
||
Then I think we are doing the right thing and not letting users compromise their security. But I'm not the expert.
Comment 4•8 years ago
|
||
(In reply to Ludovic Hirlimann [:Usul] from comment #3) > Then I think we are doing the right thing and not letting users compromise > their security. But I'm not the expert. magnus do yo uagree?
Flags: needinfo?(mkmelin+mozilla)
Comment 5•8 years ago
|
||
I think in general it's not a completely invalid configuration, just a bad one, that is common due to clustering. It would be safer if we allowed more than one exception per host... at least then you'd notice in case something really bad happens. Now you just click through it by habit.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Flags: needinfo?(mkmelin+mozilla)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•