1 |
On Fri, 4 Jan 2013 12:18:45 -0500 |
2 |
Michael Mol <mikemol@×××××.com> wrote: |
3 |
|
4 |
> On Fri, Jan 4, 2013 at 12:13 PM, Mick <michaelkintzios@×××××.com> |
5 |
> wrote: |
6 |
> > |
7 |
> > On Friday 04 Jan 2013 12:45:01 Robert David wrote: |
8 |
> >> Hi all, |
9 |
> >> |
10 |
> >> anyone have problem with firefox and selfsigned ssl? I tryed |
11 |
> >> firefox and firefox-bin. |
12 |
> >> |
13 |
> >> Firefox: |
14 |
> >> Problem loading page: Secure connection failed. |
15 |
> >> |
16 |
> >> Firefox-bin: |
17 |
> >> No problem loading page. |
18 |
> >> |
19 |
> >> |
20 |
> >> I tryed with/without system-sqlite. Rebuild nss. Nothing helped. |
21 |
> >> |
22 |
> >> |
23 |
> >> |
24 |
> >> Robert David |
25 |
> > |
26 |
> > Hmm .... it should flag up a warning and once you accept it there |
27 |
> > shouldn't be a problem connecting. |
28 |
> |
29 |
> Some browsers (I don't know if FF is one of them) won't allow bypass |
30 |
> depending on the cert details. I've seen "the server has requested |
31 |
> strict validation" before. |
32 |
> |
33 |
> |
34 |
> -- |
35 |
> :wq |
36 |
> |
37 |
|
38 |
Not seen certs that do that but HSTS http headers can prevent override. |
39 |
Unfortunately even though an incorrect clock is perfectly acceptable to |
40 |
SSL it is not to HSTS. I expect to hear user complaints getting |
41 |
play.com to disable HSTS due to flat bios batteries (and no NTP is |
42 |
seemingly no answer to this problem). My preference is a |
43 |
compulsory header redirect to ssl. I've suggested a disable HSTS option |
44 |
enabled by setting the mozilla master password. In any case he said it |
45 |
worked in one copy of firefox so It's unlikely to be the culprit. I |
46 |
assume you tested with the same url? |