How to test: certtool --generate-privkey --outfile key.pem certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem certtool --generate-dh-params --bits 2237 --outfile dh2237.pem certtool --generate-dh-params --bits 2236 --outfile dh2236.pem
gnutls-serv --http --x509keyfile key.pem --x509certfile cert.pem --dhparams dh2237.pem --disable-client-cert --priority NONE:+VERS-TLS- ALL:+CIPHER-ALL:+MAC-ALL:+DHE-RSA:+SIGN-ALL:+COMP-ALL Connect to https://localhost:5556/ (with firefox for example) and observe the failure. gnutls-serv --http --x509keyfile key.pem --x509certfile cert.pem --dhparams dh2236.pem --disable-client-cert --priority NONE:+VERS-TLS- ALL:+CIPHER-ALL:+MAC-ALL:+DHE-RSA:+SIGN-ALL:+COMP-ALL Connect to https://localhost:5556/ (with firefox for example) and observe the normal security warning about untrusted certificate. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1002434 Title: TLS interoperability issue in NSS based software To manage notifications about this bug go to: https://bugs.launchpad.net/nss/+bug/1002434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
