[ANNOUNCE] NSS 3.12.6 Release Candidate 0

2010-02-18 Thread Wan-Teh Chang
NSS 3.12.6 Release Candidate 0 is now available for testing. The CVS tag is NSS_3_12_6_RC0. The main feature in NSS 3.12.6 is the TLS renegotiation indication extension, specified in RFC 5746. You can test the client side code using Firefox trunk nightly builds, and the server side code using htt

Re: Fix for the TLS renegotiation bug

2010-02-18 Thread Eddy Nigg
On 02/18/2010 03:54 PM, Eddy Nigg: Which reminds me that we were at this stage already in the past. Basically the authenticated session would have to be relayed through to the second server, something I rather prefer not to do. I suspect that there is no other way around that. Trying the

Re: Fix for the TLS renegotiation bug

2010-02-18 Thread Daniel Veditz
On 2/18/10 5:54 AM, Eddy Nigg wrote: > Which reminds me that we were at this stage already in the past. > Basically the authenticated session would have to be relayed through to > the second server, something I rather prefer not to do. I suspect that > there is no other way around that. You could

Re: List/remove cached S/MIME capabilities

2010-02-18 Thread Konstantin Andreev
Hello, Michael. No. No such mail client exists that allows tuning/editing a recipient's S/MIME caps. This is because some influential people consider: * S/MIME caps are just a part of "mail security protocol" * protocol shouldn't be exposed to end user to prevent security compromise. * we should

Re: Fix for the TLS renegotiation bug

2010-02-18 Thread Wan-Teh Chang
On Sun, Feb 14, 2010 at 9:28 AM, Daniel Veditz wrote: > I'm surprised not to see it mentioned here yet, but Firefox > nightlies implement the new TLS spec to prevent the renegotiation > flaw. The fixes in NSS can also be used to build your own patched > version of moz_nss for apache. > > Huge than

Re: Fix for the TLS renegotiation bug

2010-02-18 Thread Eddy Nigg
On 02/18/2010 02:43 PM, Eddy Nigg: This requires that you split your content into two separate servers, jump to authent.secure.startcom as soon as a user wishes to use a cert, and remain at secure.startcom while you don't need the user to be authenticated. OK, now I got it...indeed an in

Re: Fix for the TLS renegotiation bug

2010-02-18 Thread Eddy Nigg
On 02/18/2010 02:37 PM, Kai Engert: Eddy, describing the solution in more detail: - configure secure.startcom.com to never request client auth - configure authent.secure.startcom.com to always request client auth This avoids having to renegotiate, because the required authentication level is s

Re: Fix for the TLS renegotiation bug

2010-02-18 Thread Kai Engert
On 18.02.2010 02:45, Eddy Nigg wrote: If you currently have a https site that's partly open and partly accessed only with client authentication, I think the only reasonable way out is to break it in two. Not sure what you mean, but the server doesn't accept client initiated renegotiation. R

List/remove cached S/MIME capabilities

2010-02-18 Thread Michael Ströder
HI! I'm using Seamonkey 2.0.3 under Linux. Is there a way to list and tweak the cached S/MIME capabilities for certain recipients? Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com