Am 18.11.2014 um 16:12 schrieb Michael Catanzaro:
On Tue, 2014-11-18 at 12:11 +0100, Florian Weimer wrote:Firefox also builds a repository of intermediate certificates over time and uses them automatically to fill gaps in certificate chains for completely unrelated sites. This leads to somewhat non-predictable behavior regarding the set of sites to which Firefox can connect reliably. This is difficult to emulate in one-shot command line tools such as wget which do not keep any local state by default.And that's arguably the biggest problem of all. The goal is to reduce certificate validation failures for users who have seen a particular intermediate cert before, but the effect is that web developers get false positives when testing whether their sites are set up properly or not. This just makes things worse in the long run.
true - *but* anybody responsible for a https site should at leat once per month run https://www.ssllabs.com/ssltest/ against it
as far as i can say the best tool available, not only for check the certificate chain, also browser support, optimal cipher configuration and last but not least recent security issues reported
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
