Re: SHA256 certificate support in Firefox.

2010-03-19 Thread Wan-Teh Chang
2010/3/19 Mountie Lee : > Hi. > I got to understand the differences and limitations. > personal certificate signed by CA with SHA256 is OK in current firefox. > the CertificateVerify step of SSL handshaking procedure does not support > SHA256 in current firefox. > right? Yes, that's right. Does O

Re: SHA256 certificate support in Firefox.

2010-03-19 Thread Mountie Lee
Hi. I got to understand the differences and limitations. personal certificate signed by CA with SHA256 is OK in current firefox. the CertificateVerify step of SSL handshaking procedure does not support SHA256 in current firefox. right? regards. mountie. On Sat, Mar 20, 2010 at 10:53 AM, Wan-Te

Re: SHA256 certificate support in Firefox.

2010-03-19 Thread Wan-Teh Chang
On Fri, Mar 19, 2010 at 6:50 PM, Wan-Teh Chang wrote: > 2010/3/19 Mountie Lee : >> Hi. >> sha256 certificate means >> client certificate using sha256 for ssl client authentication. > > If you mean the signature in the TLS/SSL CertificateVerify message, > then only TLS 1.2 allows you to use a SHA-2

Re: SHA256 certificate support in Firefox.

2010-03-19 Thread Wan-Teh Chang
2010/3/19 Mountie Lee : > Hi. > sha256 certificate means > client certificate using sha256 for ssl client authentication. If you mean the signature in the TLS/SSL CertificateVerify message, then only TLS 1.2 allows you to use a SHA-256 signature, and NSS doesn't support TLS 1.2 yet. Wan-Teh -- d

Re: SHA256 certificate support in Firefox.

2010-03-19 Thread Mountie Lee
hi. I read the thread #542441. that is about mime type handling in firefox. and has no relation with my question. On Fri, Mar 19, 2010 at 4:09 PM, Gen Kanai wrote: > > > On 3/19/10 3:37 PM, Nelson B Bolyard wrote: > > On 2010/03/18 19:55 PST, Mountie Lee wrote: > > > >> Hi. all. I'm Mountie Lee

Re: SHA256 certificate support in Firefox.

2010-03-19 Thread Mountie Lee
Hi. sha256 certificate means client certificate using sha256 for ssl client authentication. regards. mountie. 2010/3/20 Hanno Böck > Am Freitag 19 März 2010 schrieb Mountie Lee: > > May I ask Firefox has plan to support SHA256 in near future or > > URL link for discussion thread? > > I have set

Re: SHA256 certificate support in Firefox.

2010-03-19 Thread Hanno Böck
Am Freitag 19 März 2010 schrieb Mountie Lee: > May I ask Firefox has plan to support SHA256 in near future or > URL link for discussion thread? I have set up a test site with sha256/sha512 certificates and they work pretty well within all browsers I've tested including firefox. See here: http://h

Re: SHA256 certificate support in Firefox.

2010-03-19 Thread Lee Mountie
hi thanks for your mail I comment line by line Mountie 2010. 3. 19. 15:37 Nelson B Bolyard 작성: On 2010/03/18 19:55 PST, Mountie Lee wrote: Hi. all. I'm Mountie Lee of PayGate, Korea. Welcome. in Korea, National PKI is becoming big issue maker. one of good considerations is storing Natio

Re: Cipher not picked/enabled in a TLS session

2010-03-19 Thread Jean-Marc Desperrier
Gregory BELLIER wrote: Jean-Marc Desperrier a écrit : Wan-Teh Chang wrote: You can use the NSS command-line tool 'ssltap' to inspect the SSL handshake messages:http://www.mozilla.org/projects/security/pki/nss/tools/ssltap.html It's significantly easier to do it with Wireshark. Is it easier

Re: SHA256 certificate support in Firefox.

2010-03-19 Thread Gen Kanai
On 3/19/10 3:37 PM, Nelson B Bolyard wrote: > On 2010/03/18 19:55 PST, Mountie Lee wrote: > >> Hi. all. I'm Mountie Lee of PayGate, Korea. >> > Welcome. > > >> in Korea, National PKI is becoming big issue maker. one of good >> considerations is storing National Certificate to Browser