| 1 |
On Fri, 4 Jan 2013 12:18:45 -0500 |
| 2 |
Michael Mol <mikemol@×××××.com> wrote: |
| 3 |
|
| 4 |
> On Fri, Jan 4, 2013 at 12:13 PM, Mick <michaelkintzios@×××××.com> |
| 5 |
> wrote: |
| 6 |
> > |
| 7 |
> > On Friday 04 Jan 2013 12:45:01 Robert David wrote: |
| 8 |
> >> Hi all, |
| 9 |
> >> |
| 10 |
> >> anyone have problem with firefox and selfsigned ssl? I tryed |
| 11 |
> >> firefox and firefox-bin. |
| 12 |
> >> |
| 13 |
> >> Firefox: |
| 14 |
> >> Problem loading page: Secure connection failed. |
| 15 |
> >> |
| 16 |
> >> Firefox-bin: |
| 17 |
> >> No problem loading page. |
| 18 |
> >> |
| 19 |
> >> |
| 20 |
> >> I tryed with/without system-sqlite. Rebuild nss. Nothing helped. |
| 21 |
> >> |
| 22 |
> >> |
| 23 |
> >> |
| 24 |
> >> Robert David |
| 25 |
> > |
| 26 |
> > Hmm .... it should flag up a warning and once you accept it there |
| 27 |
> > shouldn't be a problem connecting. |
| 28 |
> |
| 29 |
> Some browsers (I don't know if FF is one of them) won't allow bypass |
| 30 |
> depending on the cert details. I've seen "the server has requested |
| 31 |
> strict validation" before. |
| 32 |
> |
| 33 |
> |
| 34 |
> -- |
| 35 |
> :wq |
| 36 |
> |
| 37 |
|
| 38 |
Not seen certs that do that but HSTS http headers can prevent override. |
| 39 |
Unfortunately even though an incorrect clock is perfectly acceptable to |
| 40 |
SSL it is not to HSTS. I expect to hear user complaints getting |
| 41 |
play.com to disable HSTS due to flat bios batteries (and no NTP is |
| 42 |
seemingly no answer to this problem). My preference is a |
| 43 |
compulsory header redirect to ssl. I've suggested a disable HSTS option |
| 44 |
enabled by setting the mozilla master password. In any case he said it |
| 45 |
worked in one copy of firefox so It's unlikely to be the culprit. I |
| 46 |
assume you tested with the same url? |
Archives