Bug#561918: client certificate authentication broken
Christoph Anton Mitterer
christoph.anton.mitterer at physik.uni-muenchen.de
Tue Dec 22 23:18:03 UTC 2009
On Tue, 2009-12-22 at 23:59 +0100, Mike Hommey wrote:
> This just confirms the diagnostic, which is that nss 3.12.5 disabled
> renegotiation because of CVE-2009-3555. Now, we need to decide how to
> allow client authentication without putting users too much at risk.
ok,.. I've already suspected this after your hint ;)
However, I thought that disabling this wouldn't break login to sites.
Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20091223/9a2d5dc3/attachment-0001.bin>
More information about the pkg-mozilla-maintainers
mailing list