Re: SSL Blacklist : List of servers using compromised private keys

2009-01-20 Thread Gervase Markham
Jean-Marc Desperrier wrote: > But by far the most interesting thing on the site is the list of ssl > sites that are *still* using compromised keys, established through that > extension : > http://www.codefromthe70s.org/sslblacklist-badcerts.aspx Hmm. walmart.com is the big hitter on that list. Pre

Re: Server Gated Cryptography

2009-01-20 Thread Nelson Bolyard
Gervase Markham wrote, On 2009-01-20 20:33: > Nelson B Bolyard wrote: >> In Mozilla products, no roots have ever been SGC enabled. >> Some roots were, and still are, marked as trusted for SSL Step Up. >> Here's a list. > > Is the marking internal to or external to the cert? The fact that you > say

Re: SSL problem diagnosis tool

2009-01-20 Thread Gervase Markham
Robertss wrote: > Thanks for pointing this tool out. I actually helped create it. I > included a link to a page that explains why an error is given when an > Intermediate certificate cert is missing but I didn't include specific > instructions on how to fix it because each certificate provider is >

Re: Server Gated Cryptography

2009-01-20 Thread Gervase Markham
Nelson B Bolyard wrote: > In Mozilla products, no roots have ever been SGC enabled. > Some roots were, and still are, marked as trusted for SSL Step Up. > Here's a list. Is the marking internal to or external to the cert? The fact that you say no certs have ever been SGC-enabled makes me suspect t

Re: about DHE key size

2009-01-20 Thread Nelson B Bolyard
Rui Hodai wrote, On 2009-01-20 16:37: > I'd like to know how can I change DHE key sizes with Firefox3. No change to Firefox will have any effect. > I found the 1024 bits keys are used as DHE key irrespective of > SSL certificates when I captured communication packets from > between Firefox3 and

Re: Server Gated Cryptography

2009-01-20 Thread Nelson B Bolyard
srdavid...@gmail.com wrote, On 2009-01-20 11:48: >> Yes, those browsers allowed SGC/Step-up only for a restricted list of >> pre-installed root CA certificates. > > Anyone have a list of the specific roots that are SGC enabled? > Many of them must be due for expiry soon. SSL Step Up is differen

Re: SSL problem diagnosis tool

2009-01-20 Thread Robertss
On Jan 19, 3:22 pm, Gervase Markham wrote: > I just came across this: http://www.sslshopper.com/ssl-checker.html > > Rather nice, particularly for people with intermediate cert chain > errors. It would be even better if there was an independent version of > such a tool, which could link you through

about DHE key size

2009-01-20 Thread Rui Hodai
Hi all. I'd like to know how can I change DHE key sizes with Firefox3. I found the 1024 bits keys are used as DHE key irrespective of SSL certificates when I captured communication packets from between Firefox3 and Apache+OpenSSL. -Which decide the DHE key size ? e.g. SSL server(Apache+OpenSS

Re: Server Gated Cryptography

2009-01-20 Thread srdavidson
> Yes, those browsers allowed SGC/Step-up only for a restricted list of > pre-installed root CA certificates. Anyone have a list of the specific roots that are SGC enabled? Many of them must be due for expiry soon. Is the intent to renew/replace them with SGC super-powers, or to let SGC fade awa

Re: dispute resolution page CA:Dispute_resolution

2009-01-20 Thread Ian G
On 20/1/09 01:22, Eddy Nigg wrote: On 01/19/2009 12:52 PM, Ian G: Mozilla is resolving disputes. It just hasn't said it, nor thought about how it is doing it. Well, it's my point that I think that Mozilla doesn't, hasn't and shouldn't resolve disputes. However, continue below * document

SSL Blacklist : List of servers using compromised private keys

2009-01-20 Thread Jean-Marc Desperrier
Hi, I saw that a while ago but didn't report immediately about it, despite it being very interesting. So this site distributes a Firefox extension that can automatically report if a server is using a weak key from the Debian OpenSSL vulnerability. It now also detects the use of md5 : http://w

Re: SSL problem diagnosis tool

2009-01-20 Thread Jean-Marc Desperrier
Gervase Markham wrote: I just came across this: http://www.sslshopper.com/ssl-checker.html Rather nice, particularly for people with intermediate cert chain errors. It would be even better if there was an independent version of such a tool, which could link you through to the "fix it" pages for

Re: Server Gated Cryptography

2009-01-20 Thread Jean-Marc Desperrier
Gervase Markham wrote: Does anyone know where I can find a definitive list of browsers for whom SGC is helpful? That is to say, a list of browsers for which, if I connected to a site with an SGC certificate, would provide a higher grade of encryption than if I connected to an identical site with