Bug#561918: client certificate authentication broken
mh at glandium.org
Tue Dec 22 22:59:27 UTC 2009
On Tue, Dec 22, 2009 at 11:42:02PM +0100, Christoph Anton Mitterer wrote:
> Hi Mike.
> On Tue, 2009-12-22 at 19:37 +0100, Mike Hommey wrote:
> > Can you try after setting the NSS_SSL_ENABLE_RENEGOTIATION environment
> > variable to 1 ? (with nss 3.12.5-1, obviously).
> Yes this "fixes" the problem.
This just confirms the diagnostic, which is that nss 3.12.5 disabled
renegotiation because of CVE-2009-3555. Now, we need to decide how to
allow client authentication without putting users too much at risk.
More information about the pkg-mozilla-maintainers