Peter Djalaliev wrote, On 2008-06-18 12:02:
> Hello,
> 
> We have a user here that used to frequently get SSL -12263 error
> messages when using Firefox 3 Beta.  

This error message occurs when the server responds to the client's hello
message with one of:
a) plain text (not an SSL record) - e.g. an http server on port 443
b) an SSL2 record (an SSL2-only server, or an SSL3 server that responds
with SSL2 error records)
c) an SSL3/TLS record that exceeds the maximum allowable length.

Notes:
1) Some SSL3-only servers have implemented SSL protocol version number
negotiation incorrectly, and respond to hello requests for version 3.1
with an SSL2 error record.  Retrying may correct this because FF will
retry using SSL 3.0 instead of 3.1.

2) Some versions of IIS send out the certificate_request message in one
SSL3 record, even when the message is larger than the maximum record size.
They send out a record that exceeds the maximum record size.  This is
correctable only by reconfiguring the server to send out a shorter list
of client CA names.

These issues began when Firefox discontinued SSL2.  I think that was in
the official release of FF 2. AFAIK, nothing has changed in NSS in FF2.x
or FF3 (including Betas) to affect this behavior.  It is possible that PSM
(the "glue" in FF that adapts to NSS) now automatically retries on certain
errors that it previously did not.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
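The three response types listed in the reply above (a, b, c) can be told apart from the first five bytes the server sends back. The following sketch is an added example, not part of the original message and not NSS code. The function name, labels, and sample bytes are constructed for illustration, and the length limit is the TLS specification's 2^14 + 2048 ciphertext maximum, assumed here as the "maximum allowable length".

```python
# Added illustration: names and sample bytes are constructed, not taken from NSS.
MAX_RECORD_LEN = 2**14 + 2048          # assumed limit: TLS spec ciphertext maximum
TLS_CONTENT_TYPES = {20, 21, 22, 23}   # change_cipher_spec, alert, handshake, app data
SSL2_MSG_TYPES = {0: "error", 4: "server-hello"}


def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes a server sent in reply to a ClientHello."""
    if len(data) < 5:
        return "incomplete"
    # SSL3/TLS record header: type(1) | major(1) | minor(1) | length(2, big-endian)
    if data[0] in TLS_CONTENT_TYPES and data[1] == 3:
        length = int.from_bytes(data[3:5], "big")
        return "oversized-record" if length > MAX_RECORD_LEN else "tls-record"
    # SSL2 record with 2-byte header: high bit set, 15-bit length, then message type
    if data[0] & 0x80 and data[2] in SSL2_MSG_TYPES:
        return "ssl2-" + SSL2_MSG_TYPES[data[2]]
    # Printable ASCII: the peer is speaking a plain-text protocol (case a)
    if all(32 <= b < 127 or b in (9, 10, 13) for b in data[:5]):
        return "plaintext"
    return "unknown"


# Constructed sample responses, one per case in the message above.
SAMPLES = {
    "http-on-443": b"HTTP/1.1 400 Bad Request\r\n",      # case a
    "ssl2-error": bytes([0x80, 0x03, 0x00, 0x00, 0x01]),  # case b
    "too-long": bytes([0x16, 0x03, 0x00, 0x50, 0x00]),    # case c: length 20480
    "normal": bytes([0x16, 0x03, 0x01, 0x00, 0x4A]),      # well-formed handshake record
}


def classify_samples() -> dict:
    """Run the classifier over the constructed samples."""
    return {name: classify_first_bytes(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:12s} -> {label}")
```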
