Bug#730867: iceweasel: ssl_error_no_cypher_overlap error when using ipv6-enabled server with sslv3 disabled

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Dec 3 06:24:14 UTC 2013


Control: tags 730867 + unreproducible help moreinfo

On 12/02/2013 01:55 AM, Pierre Emeriaud wrote:
>> What configuration settings for iceweasel's TLS stack are made in
>> about:config for the profile experiencing this behavior?
> 
> The config is pretty vanilla. no tweaks whatsoever.
> 
>> In particular, i'm curious about the values for
>>
>> security.tls.version.max
>> security.tls.version.min
> 
> min=0, max=1.
> The firefox I'm currently using (Arch package) has the same settings
> and no issues with the same server.
> 
>> Is there a particular server to which you've been connecting to test
>> this behavior?
> 
> Yes, mine: https://beta.ydct.org
> 
> 403 is expected if TLS works.

Hm, i'm unable to reproduce this behavior.

I'm attaching a .pcapng file captured by wireshark showing my attempt to
replicate, connecting first to the IPv4 address and second to the IPv6
address of the server in question, successfully negotiating TLS both times.

I was using iceweasel 25.0-1 and libnss3 2:3.15.3-1 during this capture,
with an untouched profile.

Can you provide a similar packet capture, or some other way to replicate
the problem?

Regards,

	--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 730867.pcapng
Type: application/octet-stream
Size: 31064 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20131203/cab3f389/attachment-0001.obj>