On Fri, 4 Jan 2013 12:18:45 -0500 Michael Mol <mike...@gmail.com> wrote:
> On Fri, Jan 4, 2013 at 12:13 PM, Mick <michaelkintz...@gmail.com> > wrote: > > > > On Friday 04 Jan 2013 12:45:01 Robert David wrote: > >> Hi all, > >> > >> anyone have problem with firefox and selfsigned ssl? I tryed > >> firefox and firefox-bin. > >> > >> Firefox: > >> Problem loading page: Secure connection failed. > >> > >> Firefox-bin: > >> No problem loading page. > >> > >> > >> I tryed with/without system-sqlite. Rebuild nss. Nothing helped. > >> > >> > >> > >> Robert David > > > > Hmm .... it should flag up a warning and once you accept it there > > shouldn't be a problem connecting. > > Some browsers (I don't know if FF is one of them) won't allow bypass > depending on the cert details. I've seen "the server has requested > strict validation" before. > > > -- > :wq > Not seen certs that do that but HSTS http headers can prevent override. Unfortunately even though an incorrect clock is perfectly acceptable to SSL it is not to HSTS. I expect to hear user complaints getting play.com to disable HSTS due to flat bios batteries (and no NTP is seemingly no answer to this problem). My preference is a compulsory header redirect to ssl. I've suggested a disable HSTS option enabled by setting the mozilla master password. In any case he said it worked in one copy of firefox so It's unlikely to be the culprit. I assume you tested with the same url?
