Re: JSS Diffie Hellman

2009-01-29 Thread Nelson B Bolyard
Sreedhar Kamishetti wrote on 2009-01-29 16:28 PST: > I just started to use JSS/NSS. So, I hope someone will reply to this > post. > > We use SSL_DH_anon_WITH_3DES_EDE_CBC_SHA as cipher suite for > communication between SSL Peers. Client is in Java and Server is in C > (uses OpenSSL). > > I

JSS Diffie Hellman

2009-01-29 Thread Sreedhar Kamishetti
Hello, I just started to use JSS/NSS. So, I hope someone will reply to this post. We use SSL_DH_anon_WITH_3DES_EDE_CBC_SHA as cipher suite for communication between SSL Peers. Client is in Java and Server is in C (uses OpenSSL). I am trying to use JSS/NSS for Client side SSL Provide
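A caveat on the suite named in the post above: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA is an anonymous Diffie-Hellman suite, so the key exchange carries no certificate or signature and neither peer can tell whose public value it received. The following is an added example, not code from the post, from JSS/NSS or from OpenSSL, showing with a constructed toy DH group (p = 2039, g = 2, fixed private exponents, none of which are real TLS parameters) that a passive observer learns nothing, while an active attacker who substitutes her own public values ends up sharing one key with each side.

```python
"""Why an anonymous DH suite (e.g. SSL_DH_anon_WITH_3DES_EDE_CBC_SHA) gives
no protection against an active attacker.

Added example; not code from the mailing-list post, JSS/NSS or OpenSSL.
The group is a deliberately small, constructed toy group so the arithmetic
is easy to follow, and the private exponents are fixed constants so a run
is reproducible.  Real DH_anon suites use 1024-bit or larger groups.
"""
import hashlib

# Constructed toy group: p is a safe prime (p = 2q + 1 with q = 1019 prime)
# and g = 2 generates the order-q subgroup.  NOT a real TLS group.
P = 2039
G = 2

# Fixed private exponents for Alice, Bob and the attacker Mallory (toy values).
ALICE_PRIV = 123
BOB_PRIV = 456
MALLORY_PRIV = 789


def dh_public(priv: int) -> int:
    """Public value g^priv mod p."""
    return pow(G, priv, P)


def dh_shared(peer_pub: int, priv: int) -> int:
    """Shared secret peer_pub^priv mod p."""
    return pow(peer_pub, priv, P)


def session_key(shared: int) -> bytes:
    """Stand-in for the TLS key derivation: hash the shared secret."""
    return hashlib.sha256(shared.to_bytes(2, "big")).digest()


def honest_exchange(a_priv: int = ALICE_PRIV, b_priv: int = BOB_PRIV) -> dict:
    """Passive-observer case: public values reach the other side unchanged,
    and Alice and Bob derive the same key.  The observer sees only A and B."""
    a_pub, b_pub = dh_public(a_priv), dh_public(b_priv)
    return {
        "alice": session_key(dh_shared(b_pub, a_priv)),
        "bob": session_key(dh_shared(a_pub, b_priv)),
    }


def mitm_exchange(a_priv: int = ALICE_PRIV, b_priv: int = BOB_PRIV,
                  m_priv: int = MALLORY_PRIV) -> dict:
    """Active-attacker case.  Mallory intercepts both public values and
    forwards her own value M in place of each.  With DH_anon there is no
    signature or certificate over the public value, so neither Alice nor
    Bob can detect the substitution."""
    a_pub, b_pub, m_pub = dh_public(a_priv), dh_public(b_priv), dh_public(m_priv)
    # Alice receives M instead of B; Bob receives M instead of A.
    k_alice = session_key(dh_shared(m_pub, a_priv))
    k_bob = session_key(dh_shared(m_pub, b_priv))
    # Mallory computes both session keys from the values she intercepted,
    # and can decrypt, read, re-encrypt and forward every record.
    k_mallory_alice = session_key(dh_shared(a_pub, m_priv))
    k_mallory_bob = session_key(dh_shared(b_pub, m_priv))
    return {
        "alice": k_alice,
        "bob": k_bob,
        "mallory_with_alice": k_mallory_alice,
        "mallory_with_bob": k_mallory_bob,
    }


if __name__ == "__main__":
    h = honest_exchange()
    print("honest exchange, keys agree:", h["alice"] == h["bob"])
    m = mitm_exchange()
    print("MITM: Alice/Mallory agree:", m["alice"] == m["mallory_with_alice"])
    print("MITM: Bob/Mallory agree:  ", m["bob"] == m["mallory_with_bob"])
    print("MITM: Alice/Bob agree:    ", m["alice"] == m["bob"])
```

The point for a deployment like the one in the post is that the fix is not a different symmetric cipher but an authenticated key exchange: a DHE suite whose server public value is signed under a certificate the Java client actually verifies, or otherwise a channel that is itself authenticated.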

Re: X509 per machine (not per user) - or equivalent needed

2009-01-29 Thread Arshad Noor
Denis, You have already made the appropriate leap to this conclusion. I was going to suggest that there is something atypical about your application architecture if you're relying on authentication of the *machine* without the use of a hardware token - such as a smartcard, TPM chip, etc. What yo

Re: X509 per machine (not per user) - or equivalent needed

2009-01-29 Thread Eddy Nigg
On 01/29/2009 11:02 PM, Kyle Hamilton: There are many. You are probably looking for either a USB token that supports PKCS#11, such as the Aladdin eToken, or a smart card (with its associated reader). StartCom is an official reseller for Aladdin, and the CTO of the company (which also operates a

Re: X509 per machine (not per user) - or equivalent needed

2009-01-29 Thread Kyle Hamilton
There are many. You are probably looking for either a USB token that supports PKCS#11, such as the Aladdin eToken, or a smart card (with its associated reader). StartCom is an official reseller for Aladdin, and the CTO of the company (which also operates a commercial CA) maintains an active prese

Re: SSL problem diagnosis tool

2009-01-29 Thread Ian G
On 29/1/09 19:24, Nelson B Bolyard wrote: Ian G wrote, On 2009-01-29 10:01: Hmm, nope, apologies, I wasn't clear. What I wanted was something like the behaviour shown on that page, when it comes in contact with a cert, to be incorporated as behaviour in firefox. So that when firefox trips over

Re: SSL problem diagnosis tool

2009-01-29 Thread Nelson B Bolyard
Ian G wrote, On 2009-01-29 10:01: > Hmm, nope, apologies, I wasn't clear. What I wanted was something like > the behaviour shown on that page, when it comes in contact with a cert, > to be incorporated as behaviour in firefox. So that when firefox trips > over a cert, it could show something l

Re: SSL problem diagnosis tool

2009-01-29 Thread Ian G
On 29/1/09 17:36, Johnathan Nightingale wrote: On 29-Jan-09, at 8:29 AM, Ian G wrote: On 29/1/09 13:31, Jean-Marc Desperrier wrote: Gerv, what about changing the Firefox SSL page/implementation so that in that situation, for those 99% of the market, it gives the most informative information, n

Re: TLS Handshakes to FIPS140 Server

2009-01-29 Thread Wan-Teh Chang
On Thu, Jan 29, 2009 at 8:22 AM, crw wrote: > I'm attempting to connect to a dummy server that only accepts clients > and tells me information regarding the connection and status. > > This works well in IE/Chrome (both connect and tell me that everything > is fine) IE and Google Chrome use the sam

Re: Proposal to split this list

2009-01-29 Thread Ian G
On 29/1/09 12:53, Ben Bucksch wrote: On 27.01.2009 05:20, Gervase Markham wrote: https://bugzilla.mozilla.org/show_bug.cgi?id=475473 filed to create mozilla.dev.security.policy (Only caveat: phishing doesn't really belong in either group. It's usually handled in security, although it's ab

Re: Policy: revoke on private key exposure

2009-01-29 Thread Eddy Nigg
On 01/29/2009 02:21 PM, Jean-Marc Desperrier: Eddy Nigg wrote: [...] Well, this thread started out with the request that Mozilla should change its policy to require CAs revoke certificates when the private key is known to be compromised. Given the practical problems of revoking a very large nu

Re: Policy: revoke on private key exposure

2009-01-29 Thread Paul Hoffman
At 1:21 PM +0100 1/29/09, Jean-Marc Desperrier wrote: >Eddy Nigg wrote: >>[...] >>Well, this thread started out with the request that Mozilla should >>change its policy to require CAs revoke certificates when the private >>key is known to be compromised. > >Given the practical problems of revoking

Re: SSL problem diagnosis tool

2009-01-29 Thread Eddy Nigg
On 01/29/2009 06:36 PM, Johnathan Nightingale: I think I'm hearing an RFE to change the cert error page to link to elaborated information elsewhere (probably on support.mozilla.com, but maybe on mozilla.com itself) which explains this problem to users, possibly with a section for site administrat

Re: SSL problem diagnosis tool

2009-01-29 Thread Johnathan Nightingale
On 29-Jan-09, at 8:29 AM, Ian G wrote: On 29/1/09 13:31, Jean-Marc Desperrier wrote: Gerv, what about changing the Firefox SSL page/implementation so that in that situation, for those 99% of the market, it gives the most informative information, non scary, non blocking possible ? Even when t

Re: X509 per machine (not per user) - or equivalent needed

2009-01-29 Thread Denis McCarthy
Thanks for the suggestion David. Unfortunately we are not connecting to an active directory domain - our application has to go out over the internet. I did a bit of fiddling with the certificates snap ins, but Microsoft only makes certificates installed in the user account available to IE. One othe

TLS Handshakes to FIPS140 Server

2009-01-29 Thread crw
I'm attempting to connect to a dummy server that only accepts clients and tells me information regarding the connection and status. This works well in IE/Chrome (both connect and tell me that everything is fine) This fails in FF3.0.5 because of a handshake error ( the only reason I know this is I m

Re: Proposal to split this list

2009-01-29 Thread Paul Hoffman
At 12:53 PM +0100 1/29/09, Ben Bucksch wrote: >On 27.01.2009 05:20, Gervase Markham wrote: >>https://bugzilla.mozilla.org/show_bug.cgi?id=475473 >>filed to create mozilla.dev.security.policy. And please let's not have a >>bikeshed discussion about the name. >> > >Sorry to do just that, but I thin

Re: Proposal to split this list

2009-01-29 Thread Johnathan Nightingale
On 29-Jan-09, at 6:53 AM, Ben Bucksch wrote: On 27.01.2009 05:20, Gervase Markham wrote: https://bugzilla.mozilla.org/show_bug.cgi?id=475473 filed to create mozilla.dev.security.policy. And please let's not have a bikeshed discussion about the name. Sorry to do just that, but I think it's

Re: X509 per machine (not per user) - or equivalent needed

2009-01-29 Thread David Stutzman
Denis McCarthy wrote: customers use. On this application, it is important to identify the physical machine on which a transaction takes place. In most of our b) The application is currently multi platform, but all our users use windows (because that is what the application we are replacing run

Re: X509 per machine (not per user) - or equivalent needed

2009-01-29 Thread Denis McCarthy
Hello Ian, Thanks for your reply. I don't think I expressed myself too well in my first post. My main problem is with some of our larger customers, and the way I believe X509 certificates work. FYI, we are acting as our own CA (as we need to trust the client, not the other way round), and we do put

Re: SSL problem diagnosis tool

2009-01-29 Thread Ian G
On 29/1/09 13:31, Jean-Marc Desperrier wrote: Gervase Markham wrote: Robertss wrote: http://www.sslshopper.com/ssl-certificate-not-trusted-error.html ... Gerv, what about changing the Firefox SSL page/implementation so that in that situation, for those 99% of the market, it gives the most in

Re: Server Gated Cryptography

2009-01-29 Thread Michael Ströder
Nelson B Bolyard wrote: > Gervase Markham wrote, On 2009-01-26 05:27: >> Nelson Bolyard wrote: If it is the latter, what would be the effect of us removing the SSL Step Up trust bit in NSS for the list of roots you give? >>> No effect whatsoever. >> Super. Would you care to file a bug to

Re: SSL problem diagnosis tool

2009-01-29 Thread Eddy Nigg
On 01/29/2009 02:31 PM, Jean-Marc Desperrier: Gerv, what about changing the Firefox SSL page/implementation so that in that situation, for those 99% of the market, it gives the most informative information, non scary, non blocking possible ? Even when there was an error in the configuration ? T

Re: SSL problem diagnosis tool

2009-01-29 Thread Jean-Marc Desperrier
Gervase Markham wrote: Robertss wrote: Thanks, Gerv! I went through each of the providers websites and found their main support pages. I have added links to them on this page: http://www.sslshopper.com/ssl-certificate-not-trusted-error.html I can tell you that you have covered 96% of the CA ma

Re: Policy: revoke on private key exposure

2009-01-29 Thread Jean-Marc Desperrier
Eddy Nigg wrote: [...] Well, this thread started out with the request that Mozilla should change its policy to require CAs revoke certificates when the private key is known to be compromised. Given the practical problems of revoking a very large number of certificates, I'd consider it acceptab

Re: Proposal to split this list

2009-01-29 Thread Ben Bucksch
On 27.01.2009 05:20, Gervase Markham wrote: https://bugzilla.mozilla.org/show_bug.cgi?id=475473 filed to create mozilla.dev.security.policy. And please let's not have a bikeshed discussion about the name. Sorry to do just that, but I think it's more than bikeshed: I do not think that CA po

Re: X509 per machine (not per user) - or equivalent needed

2009-01-29 Thread Ian G
On 29/1/09 10:42, Denis McCarthy wrote: a) Is there some way to set up a PC so that X509 certificate is per machine as opposed to per-user (I don't think you can as X509 is very much user based) At some base level, X.509 is just a lump of data, and really doesn't mind what you do with it. I

X509 per machine (not per user) - or equivalent needed

2009-01-29 Thread Denis McCarthy
Hi, We have a financial services based web application that some of our customers use. On this application, it is important to identify the physical machine on which a transaction takes place. In most of our customers' offices, X509 certificates work fine for this, as the customer has a standalone