View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000987 | Main CAcert Website | website content | public | 2011-09-28 22:15 | 2011-09-29 14:07 |
Reporter | antonio | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Platform | Main CAcert Website | OS | N/A | OS Version | stable |
Summary | 0000987: no renegotiation when visiting certificate authenticated c.o subdomains with firefox 4.x | ||||
Description | there's a problem with certificate renegotiation on subdomain c.o sites (e.g. https://blog.cacert.org/wp-admin/ and https://svn.cacert.org/) using "Transport Layer Security (TLS) Renegotiation Indication Extension rfc5746" compliant browsers (capable of view the penguin on https://ssltls.de/) (e.g. firefox-4.0.x and newer ones) | ||||
Steps To Reproduce | with firefox-6.0.2 and firefox-7.0 under linux (fedora and debian), with valid installed ca-certificates on browser 1.- just access https://blog.cacert.org/wp-admin/ or https://svn.cacert.org/ so you have the ugly response ===================== Secure Connection Failed An error occurred during a connection to blog.cacert.org. Renegotiation is not allowed on this SSL socket. (Error code: ssl_error_renegotiation_not_allowed) The page you are trying to view can not be shown because the authenticity of the received data could not be verified. Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. ===================== | ||||
Additional Information | WORKAROUND: 1.- on firefox navigation bar, type about:config 2.- and just set security.ssl.allow_unrestricted_renego_everywhere=true and it works again (but this is not the predefined setting as noted on https://wiki.mozilla.org/Security%3ARenegotiation) This is not an exclusive CAcert problem (but c.o subdomains looks like unsupported sites on firefox when certificate authentication is used) Interesting, google-chromium (google-chrome) is detected as safari browser: ===================== No certificate information presented; Safari User please use this link https://blog.cacert.org/requirecert/wp-login.php ===================== without better luck | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||