On Jan 17, 3:57 am, Nelson Bolyard <[EMAIL PROTECTED]> wrote:
> Robert Relyea wrote, On 2008-01-16 17:01:
>
> >> Question
> >> ======
>
> >> Why is Firefox a ClientHelloV2, although SSL v2 is disabled in Firefox
> >> 2?
>
> > This is a big question. Firefox2 has turned on a number of SSL3/TLS
> > extensions which require an SSL3 hello. I suspect that for some reason
> > you don't really have SSL2 turned off (an old profile?). We know that
> > we are sending SSL3 hellos because we can connect to sites that require
> > them.
>
> > bob
>
> >> Logs
> >> =====
>
> >> From what I can see in the logs of ssltap, Firefox is sending some
> >> data, which might be something like a partial handshake (?).
> >> --> [
> >> alloclen = 63 bytes
> >> (63 bytes of 63)
> >> [Wed Jan 09 12:18:41 2008] [ssl2] ClientHelloV2 {
> >> version = {0x03, 0x00}
>
> Bob, An SSLv2 format client hello advertising SSL 3.0 is what we send
> out to "TLS intolerant" servers.
>
> Stefan, you've begun exploratory surgery on the patient, but haven't yet
> recorded the patient's temperature and blood pressure (IOW, the basics).
>
> What error does FF report when trying to connect to your server?

Hi Nelson,

I agree. Here are the basics:

First of all, I am using version 2.0.0.11. The following parameters might be of interest: security.enable_ssl2=false, security.enable_ssl3=true, security.enable_tls=true

The error I am getting after a few clicks or reloads is "Could not establish an encrypted connection because certificate presented by localhost has an invalid signature."

As I mentioned, this happens with DSA certificates only. RSA seems not to cause a problem. Also, I've only been able to test this on Java-based servers (Jetty, Tomcat).

Originally we thought that this was a Jetty bug. So, some of the history can be found here:
http://www.nabble.com/jetty-ssl-problems-to13726768.html#a13816984
http://jira.codehaus.org/browse/JETTY-484

Please let me know if there is additional information I can provide.

Thanks,
-Stefan
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
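
The distinction discussed in the thread, an SSLv2-format client hello that advertises SSL 3.0 versus a native SSL3/TLS record, can be checked from the first bytes a client sends. The following Python sketch is an added example, not part of the thread or of NSS/ssltap; the function name `classify_client_hello` and both sample byte strings are constructed for illustration.

```python
import struct

def classify_client_hello(data: bytes) -> dict:
    """Classify the first bytes of a client flight as an SSL3/TLS record
    or an SSLv2-format hello, and report what the hello advertises."""
    if len(data) < 11:
        raise ValueError("too short to be a client hello")
    # SSL3/TLS record layer: content type 22 (handshake), major version 3.
    if data[0] == 0x16 and data[1] == 0x03:
        return {"format": "ssl3-record", "record_version": (data[1], data[2])}
    # SSLv2 2-byte header: high bit set, low 15 bits = body length;
    # the body starts with message type 1 (CLIENT-HELLO).
    if not (data[0] & 0x80) or data[2] != 0x01:
        raise ValueError("not a recognised client hello")
    length = struct.unpack(">H", data[:2])[0] & 0x7FFF
    body = data[2:2 + length]
    if length < 9 or len(body) != length:
        raise ValueError("truncated SSLv2-format hello")
    major, minor, cs_len, sid_len, ch_len = struct.unpack(">BBHHH", body[1:9])
    if cs_len % 3 or 9 + cs_len + sid_len + ch_len != length:
        raise ValueError("inconsistent length fields")
    specs = [body[9 + i:12 + i] for i in range(0, cs_len, 3)]
    return {
        "format": "sslv2-format",
        "advertised_version": (major, minor),
        # 0x00 + 2-byte id = SSL3/TLS suite; non-zero first byte = SSLv2 cipher kind.
        "ssl3_suites": [int.from_bytes(s[1:], "big") for s in specs if s[0] == 0],
        "ssl2_ciphers": [s.hex() for s in specs if s[0] != 0],
    }

# Constructed sample (not the capture from the thread): SSLv2-format hello,
# version 3.0, three SSL3 suites, empty session id, 16-byte challenge.
SAMPLE_V2 = bytes.fromhex("8022" "01" "0300" "0009" "0000" "0010"
                          "000004" "000005" "00000a") + bytes(16)
# Constructed sample: first 11 bytes of a native SSL 3.0 handshake record.
SAMPLE_V3 = bytes.fromhex("160300002f010000 2b0300")

if __name__ == "__main__":
    print(classify_client_hello(SAMPLE_V2))
    print(classify_client_hello(SAMPLE_V3))
```

A result with `advertised_version` of (3, 0) and an empty `ssl2_ciphers` list is an SSLv2-format envelope that offers no SSLv2 ciphers, which is consistent with `security.enable_ssl2=false`.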