Hello,
Recent version of Firefox made some changes to certificate verification.
See here:
https://wiki.mozilla.org/SecurityEngineering/Certificate_Verification
After this many SSL bumped sites are showing verification error.
An error occurred during a connection to s-static.ak.facebook.com.
Certificate extension value is invalid.
(Error code: sec_error_extension_value_invalid)
Examples:
Facebook = https://s-static.ak.facebook.com/
Hotmail = https://sc.imp.live.com
Those sites work without SSL bumping.
Currently it can be fixed by changing:
security.use_mozillapkix_verification to false in Firefox.
As per Mozilla this will become always true from FF 33.
There is a bug report at Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=1045973
But I doubt this actually is bug but future security feature.
Can anything be done in squid to allow above?
i.e. allow it to work regardless of value of mozillapkix
Thanks and regards,
Amm
Received on Sat Aug 02 2014 - 07:42:36 MDT
This archive was generated by hypermail 2.2.0 : Sat Aug 02 2014 - 12:00:05 MDT