Search squid archive

security.use_mozillapkix_verification and squid ssl bump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

Recent version of Firefox made some changes to certificate verification.

See here:
https://wiki.mozilla.org/SecurityEngineering/Certificate_Verification

After this many SSL bumped sites are showing verification error.

An error occurred during a connection to s-static.ak.facebook.com.
Certificate extension value is invalid.
(Error code: sec_error_extension_value_invalid)

Examples:
Facebook = https://s-static.ak.facebook.com/
Hotmail = https://sc.imp.live.com

Those sites work without SSL bumping.

Currently it can be fixed by changing:
security.use_mozillapkix_verification to false in Firefox.

As per Mozilla this will become always true from FF 33.

There is a bug report at Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=1045973

But I doubt this actually is bug but future security feature.

Can anything be done in squid to allow above?
i.e. allow it to work regardless of value of mozillapkix

Thanks and regards,

Amm




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux