Small note, to correct a misunderstanding from earlier in the thread -- even if *.mozilla.org were doing key pinning, Chromium/Chrome will ignore key pins if the observed cert chains up to a user/enterprise-installed root. So that wouldn't cause any issues.
-- Eric On Fri, Sep 18, 2015 at 12:06 AM, Yuhong Bao <yuhongbao_...@hotmail.com> wrote: > >> On Sep 17, 2015, at 8:29 PM, AnilG <a.gul...@tsc.nsw.edu.au> wrote: > >> > >> On Friday, 18 September 2015 12:29:46 UTC+10, Peter Gutmann wrote: > >>> base. If you look at Mozilla's own figures at > >>> https://input.mozilla.org/en-US/, they have a 90% dissatisfaction > rating from > >> > >> To make my point again, I can't access https://input.mozilla.org/en-US/ > from Firefox, I have to use Chrome. > > > > Can you do a quick test to help understand the likely root cause of your > issue? > > > > In Chrome, navigate to https://input.mozilla.org/en-US/ < > https://input.mozilla.org/en-US/> and then click the green lock. Click on > the “Connection” tab then cut and paste the first couple of sentences. > > > > It should say something like “The identity of […] has been verified by > […]. […] information was supplied by the server.” > > > > That will help determine what is causing your problem. > > Also see if it has something about TLS version fallback. Chrome is still > doing TLS 1.1 version fallback and it might be hiding the problem at the > MITM. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > -- konklone.com | @konklone <https://twitter.com/konklone> _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy