Bug#730867: iceweasel: ssl_error_no_cypher_overlap error when using ipv6-enabled server with sslv3 disabled

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Dec 2 06:41:19 UTC 2013


On 11/30/2013 09:08 AM, Pierre Emeriaud wrote:
> Package: iceweasel
> Version: 25.0-1
> Severity: important
> Tags: ipv6
> 
> When using ipv6, iceaweasel SSL hello is SSLv3, whereas it offers TLSv1 when using ipv4.
> 
> This leeds to the ssl_error_no_cypher_overlap error messages if the server has SSLv3 disabled. 

Thanks for reporting this bug!

What configuration settings for iceweasel's TLS stack are made in
about:config for the profile experiencing this behavior?

In particular, i'm curious about the values for

security.tls.version.max
security.tls.version.min

see: http://kb.mozillazine.org/Security.tls.version.*

Is there a particular server to which you've been connecting to test
this behavior?

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20131202/441786a1/attachment.sig>


More information about the pkg-mozilla-maintainers mailing list