FIPS mode key import?

2020-06-01 Thread Chris Newman
round. I like to avoid the OpenSSL-crypto-monoculture, but right now it looks like using OpenSSL-FIPS is the fastest path forward. Any suggestions for a way I could keep using NSS for this? - Chris -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.m

Email notice about NSS CVEs, such as CVE-2017-7805

2017-10-13 Thread Chris Newman
e and CVE-2017-7502. Thanks, - Chris -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

mod_nss error in logs

2017-02-07 Thread Chris Tomlin
e is mentioned twice and in both cases it's the same server name. So that's why it's confusing. If anyone has any insight, I would love it since I cannot start my httpd service. Chris

strange nss error

2017-02-07 Thread Chris Tomlin
e is mentioned twice and in both cases it's the same server name. So that's why it's confusing. If anyone has any insight, I would love it since I cannot start my httpd service. Chris

Re: pk12util fails to import EC keys

2016-07-01 Thread Chris Richardson
pressed): Order: Cofactor: 1 (0x1) Seed: so I assume (perhaps stating the obvious) that the problem is that in the latter case the key is a definition of the finite field in parametric form rather than using the standard curve name and that this is not supported by nss. Many thanks! *Chris Richardson*, System Architect c...@fourc.eu *FourC AS, Vestre Rosten 81, Trekanten, NO-7075 Tiller, Norway www.fourc.eu <http://www.fourc.eu/>*

Re: -Werror vs. NetBSD

2016-02-04 Thread Chris Newman
Why not just add -std=gnu99 to the gcc switches so the code can at least use the 16-year old version of the C standard? - Chris On February 3, 2016 at 17:59:14 , Martin Thomson (m...@mozilla.com) wrote: Yes, the landing of the first patches for TLS 1.3 was a bit messy. We are

Re: Updates to the Server Side TLS guide

2014-10-21 Thread Chris Newman
?id=967235> It's not a sexy change to NSS, but it would be very useful. Enterprise administrators of Firefox would probably appreciate this as well as server admins for servers using NSS. - Chris

Re: certutil - iPaddress SubjectAltName extension

2014-07-16 Thread Chris Newman
Does this support SubjectAltName forms such as XMPP Addr (RFC 6120 sec 13.7.1.4) or service name (RFC 4985)? In particular, an "other" SubjectAltName generally involves at least an OID and a string. This help is a bit terse for that use... - Chris

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-02-03 Thread Chris Newman
n B. Regardless, I think NSS should provide the flag, and Firefox can design the UI. - Chris --On February 3, 2014 8:49:27 -0800 florian.ben...@quantumedia.de wrote: Hi folks, there is consensus that some algorithms/ciphers (e.g. RC4) allowed by default should not be consid

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-15 Thread Chris Richardson
I believe this plan would have poor side effects. For example, if Apple ships clients with a broken ECDSA implementation [0], a server cannot detect if a connecting client is an Apple product and avoid the use of ECDSA in that subset of connections. Instead, ECDSA suddenly becomes unsafe f

Re: Introductions - want to contribute to NSS developer friendliness

2013-06-17 Thread Chris Newman
use NSS under the LGPL 2.1 branch of the tri-license. Switching to OpenSSL has been suggested. - Chris

Re: NSS 3.14 release

2012-10-26 Thread Chris Newman
NSS component in bugzilla. See https://bugzilla.mozilla.org/userprefs.cgi?tab=component_watch for how you can subscribe to a feed of all NSS bug discussions. Thanks, I subscribed. Chris Newman wrote: Will vulnerability fixes be provided on the NSS 3.13.x patch train? And if so, is there a date w

Re: NSS 3.14 release

2012-10-25 Thread Chris Newman
longer be provided for that version? - Chris

Re: Python-nss

2011-02-27 Thread Chris
> You're right on one count, NSS and PKCS11 are large complicated systems. > NSS actually comprises quite a bit more than PKCS11. PKCS11 is a > standard promulgated by RSA for managing cryptographic tokens. NSS > amongst other things provides API's which are compatible with the PKCS11 > API's. NSS

Re: Python-nss

2011-02-25 Thread Chris
On Feb 25, 12:41 pm, John Dennis wrote: > On 02/24/2011 02:39 PM, Chris wrote: > > > > > Hello, > > > Recently I was looking into the Firefox Sync utility. I set up my own > > customer server and got my web browser to successfully sync to my > > computer

Python-nss

2011-02-25 Thread Chris
Hello, Recently I was looking into the Firefox Sync utility. I set up my own customer server and got my web browser to successfully sync to my computer and then wanted to look at the database entries. Of course the data is encrypted which makes sense if I'm going to send my data to a public server,

opaque pkcs7 signing

2010-09-13 Thread Chris
, however there seems to be little to no information on the topic. any insight would be greatly appreciated. - Chris

Re: Problems importing PKCS #12 client certs

2010-02-22 Thread Chris Hills
On 15/02/2010 02:57, Subrata Mazumdar wrote: Since IE and Chrome (do not know about Safari and Opera) use the same Windows Crypto DB/Manager, the imported keys/certificates in PKCS#12 is always visible to both browsers. FF does not use Windows CertDB - FF uses its own CertDB. As a result, impo

multi valued attribute rdn in a crmf

2009-02-24 Thread Brown, Chris
I am trying to make a certificate request using a multi valued attribute relative distinguished name using the certutil tool. However I keep getting an error message saying that the DN is invalid. Is this not supported in certutil? Here's the command I used: certutil -R -s "UID=12345+CN=John

Re: SSL Blacklist : List of servers using compromised private keys

2009-01-22 Thread Chris Hills
Florian Weimer wrote: Perhaps Mozilla should change its policy to require CAs to revoke certs when the private key is known to be compromised, whether or not an attack is in evidence, as a condition of having trust bits in Firefox. I don't think this can be made a requirement. Sudden improveme

Re: MD5 broken, certs whose signatures use MD5 now vulnerable

2008-12-30 Thread Chris Hills
On 30/12/08 18:08, Nelson B Bolyard wrote: Chris Hills wrote, On 2008-12-30 08:49: On 30/12/08 17:47, Nelson B Bolyard wrote: I meant to add: The paper with the real facts is seen at http://www.win.tue.nl/hashclash/rogue-ca/ In the meantime, could a list of the affected CA's be

Re: MD5 broken, certs whose signatures use MD5 now vulnerable

2008-12-30 Thread Chris Hills
On 30/12/08 17:47, Nelson B Bolyard wrote: I meant to add: The paper with the real facts is seen at http://www.win.tue.nl/hashclash/rogue-ca/ In the meantime, could a list of the affected CA's be made available so that we may remove the trust bits from our own certificate stores?

MD5 irretrievably broken

2008-12-30 Thread Chris Hills
A presentation was given at this year's Chaos Communication Congress in which it was described how researchers were apparently able to produce authentic signed SSL certificates thanks to a handful of CAs who rely on MD5. If true, is it time to disable MD5 by default?

questions about PKCS7 verification when porting from OpenSSL/libcrypto to NSS3

2008-08-29 Thread Chris Peterson
ImportCerts() with keepCerts=PR_TRUE, I get a SEC_ERROR_BAD_DATABASE error. thanks, chris

Re: distribute our CA to users

2008-07-21 Thread Chris Hills
jehan procaccia wrote: > However, I must admit that it is not an easy way to distribute a CA, I > was expecting something simpler !? Jehan This is why I want Firefox to support windows certificate stores, since pushing certs through group policy is trivial! Regards,

Re: NSS PKCS#11 and CAPI

2008-07-03 Thread Chris Hills
agine it would be useful to many users. Regards, Chris Hills

Re: NSS PKCS#11 and CAPI

2008-07-03 Thread Chris Hills
has limited functionality (doesn't do all the things you might like). > Thanks for the information! Regards, Chris Hills

Re: NSS PKCS#11 and CAPI

2008-07-03 Thread Chris Hills
Bruno de Paula Ribeiro wrote: > Hello Chris. > > I think you will have to write a CSP for this purpose. And that means > you will need to install the CSP Dev Service Pack, build your .dll and > than send it to Microsoft for code signing. > > Bruno. Bruno From what I ha

NSS PKCS#11 and CAPI

2008-07-03 Thread Chris Hills
running Active Directory). Thanks, Chris Hills

Re: Automatically installing PKCS11 module

2007-07-21 Thread Chris
Thanks for the response! On Jul 21, 1:40 am, Nelson B <[EMAIL PROTECTED]> wrote: > Off top, I don't think the user's profile is the right place for a > PKCS#11 module. In this particular case it's no different than any plugin installed by a user, it's not a system-wide install. It gets dumped in

Automatically installing PKCS11 module

2007-07-20 Thread Chris
I have a plugin extension which is also a PKCS#11 module and while it's "easy" to install the plugin via the install.rdf system I can't figure out a way to register it as a PKCS#11 module. pkcs11.addmodule() would work but how can I get the path to the library which is going to be in the current u

Re: Getting SSL server cert from within a plugin

2006-10-24 Thread Chris Masone
right way to be getting the ssl cert for the server to which the browser is connecting. It likely works for most cases, but there HAS to be a better way. Any help? In article <[EMAIL PROTECTED]>, Chris Masone <[EMAIL PROTECTED]> wrote: > Here is the problem I'm having..

Getting SSL server cert from within a plugin

2006-10-20 Thread Chris Masone
outgoing request and incoming response, the 'status' object in the above code is null. In subsequent requests and responses, it's fine and I get the cert no problem. Anyone have any ideas? Are there error codes I can check? Other code I can look at? Thanks, Chris

Re: Retrieving server certificate from within plug-in code

2006-10-20 Thread Chris Masone
onses, it's fine and I get the cert no problem. Anyone have any ideas? Are there error codes I can check? Other code I can look at? Thanks, Chris