Package: iceweasel
Version: 10.0.12esr-1
after upgrading to wheezy and iceweasel 10.0.12esr-1
when i tried to connect to an older appliance (HP) via https i got:
---------------------------
Secure Connection Failed
An error occurred during a connection to x.x.x.x
The page you are trying to view can not be shown because the authenticity
of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Alternatively, use the command found in the help menu to report this broken
site.
----------------------------------
and no option to ignore this.
as a workaround:
i had to set:
before starting iceweasel
export NSS_ALLOW_WEAK_SIGNATURE_ALG=1
it would be good to have an option to allow this on a site by site basis in
the browser.
the nss website says the above environment setting does:
> Enables the use of MD2 and MD4 inside signatures. This was allowed by
> default before NSS 3.12.3.
when connectiong to the server via:
openssl s_client -connect
i get:
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
when i examine the self signed certificate it tells me:
$ openssl x509 -in q -text | grep Signature
Signature Algorithm: md5WithRSAEncryption
Signature Algorithm: md5WithRSAEncryption
so i am not really sure why this is rejected at all. but i thought i share
the sollution here in case other people have that problem as well.
mond
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
