Re: Firefox security too strict (HSTS?)?

its been a whole day to search for a resolution. some of them i research in google entails with servers and stand alon computers. and i found a solution for this issue and its works like a charm. Solution No.2 and 3 from this website

Re: Firefox security too strict (HSTS?)?

It might for you but maybe something between you're system and hers is different so it works for you but not for her as my sig line says iam a computer tech i build sell service and consult. sometimes you can have to 2 identical systems side by side and one will work fine and the other has

Re: Firefox security too strict (HSTS?)?

Yes, Eric, the issue continues, though I'm not antagonistic as you seem to think, and I've never claimed to understand this space but out here in the real world the issue continues and Firefox is therefore depreciated here. This URL https://www.anymeeting.com/Free-Web-Conferencing-Features.aspx

Re: Firefox security too strict (HSTS?)?

On Wed, Sep 23, 2015 at 5:35 PM, Anil G wrote: > And finally, regrettably, Eric Mill: ". . . you should channel your > passion in the direction of the enterprise IT group -- or its political > overlords -- that are inconveniencing you and driving their users away from >

Re: Firefox security too strict (HSTS?)?

> My organization, a significant government agency, just told people to stop > using Chrome and Firefox (and to use Internet Explorer) for major internal > applications because of their mutual decision to drop TLS version > negotiation support for 1.0. > > I channeled my passion in the direction

RE: Firefox security too strict (HSTS?)?

What is also fun is that they released it two weeks before Oracle released it's own patch for paid Java 6/7 customers, before which the 768-bit DHE was hardcoded. > Subject: Re: Firefox security too strict (HSTS?)? > From: k...@caspia.com > Date

Re: Firefox security too strict (HSTS?)?

On 9/16/2015 3:01 PM, AnilG wrote: Yes, I agree. From my limited perspective and knowledge I trust you as an authority that that's probably completely correct. But that's not the issue. I've got a concern that security management in Firefox is too hard for enterprise and may additionally have

Re: Firefox security too strict (HSTS?)?

On Wed, Sep 23, 2015 at 3:17 PM, R Kent James wrote: > On 9/23/2015 1:57 PM, Eric Mill wrote: > >> I'd phrase it instead as: what can be done to educate people responsible >> for deploying/buying enterprise software deployment that a rapid update >> path for all

Re: Firefox security too strict (HSTS?)?

On 9/23/2015 1:57 PM, Eric Mill wrote: I'd phrase it instead as: what can be done to educate people responsible for deploying/buying enterprise software deployment that a rapid update path for all software/protocols/ciphers/certificates is a critical prerequisite for performing their job

Re: Firefox security too strict (HSTS?)?

Except in both of these cases -- removing TLS fallback to v1.0, and raising DH parameter minimums -- Chrome joined Firefox in doing so. Firefox went out first, and so that was the first impression people got, but Chrome's policies are no less strict. In at least some enterprises, "everyone use IE"

Re: Firefox security too strict (HSTS?)?

On Wed, Sep 23, 2015 at 2:55 PM, R Kent James wrote: > On 9/23/2015 1:25 PM, Eric Mill wrote: > >> Except in both of these cases -- removing TLS fallback to v1.0, and >> raising >> DH parameter minimums -- Chrome joined Firefox in doing so. Firefox went >> out first, and so that

Re: Firefox security too strict (HSTS?)?

On 9/23/2015 1:25 PM, Eric Mill wrote: Except in both of these cases -- removing TLS fallback to v1.0, and raising DH parameter minimums -- Chrome joined Firefox in doing so. Firefox went out first, and so that was the first impression people got, but Chrome's policies are no less strict. In at

Re: Firefox security too strict (HSTS?)?

How happy am I that R Kent James finally recognises my issue? After more than 30 posts we're finally talking about it. Does the resistance showing here indicate the cultural problem that R Kent James refers to? I don't know if I'm reading these posts right but, kindly: Michael Stroder: "within

Re: Firefox security too strict (HSTS?)?

> > To make my point again, I can't access https://input.mozilla.org/en-US/ > > from Firefox, I have to use Chrome. > In Chrome, navigate to https://input.mozilla.org/en-US/ > and then click the green lock. Click on > the "Connection" tab then cut and paste

Re: Firefox security too strict (HSTS?)?

Small note, to correct a misunderstanding from earlier in the thread -- even if *.mozilla.org were doing key pinning, Chromium/Chrome will ignore key pins if the observed cert chains up to a user/enterprise-installed root. So that wouldn't cause any issues. -- Eric On Fri, Sep 18, 2015 at 12:06

Re: Firefox security too strict (HSTS?)?

On Thursday, 17 September 2015 10:11:06 UTC+10, Daniel Micay wrote: > Chrome has pinning too . . . I don't think lack of support > for MITM attacks is a bug that should be addressed. It's a security > liability even when used internally by an organization. Thanks for your contribution, Daniel.

RE: Firefox security too strict (HSTS?)?

AnilG writes: >This is really big picture here: I've looked up and suddenly seen Firefox >market share trajectory looking like we need some steering input fast. This >is a 3 to 6 year picture of decline so it will take as long to correct. Oh dear, this is really going

RE: Firefox security too strict (HSTS?)?

> On Friday, 18 September 2015 12:29:46 UTC+10, Peter Gutmann wrote: >> base. If you look at Mozilla's own figures at >> https://input.mozilla.org/en-US/, they have a 90% dissatisfaction rating from > > To make my point again, I can't access https://input.mozilla.org/en-US/ from > Firefox, I have

Re: Firefox security too strict (HSTS?)?

> On Sep 17, 2015, at 8:29 PM, AnilG wrote: > > On Friday, 18 September 2015 12:29:46 UTC+10, Peter Gutmann wrote: >> base. If you look at Mozilla's own figures at >> https://input.mozilla.org/en-US/, they have a 90% dissatisfaction rating from > > To make my point

RE: Firefox security too strict (HSTS?)?

>> On Sep 17, 2015, at 8:29 PM, AnilG wrote: >> >> On Friday, 18 September 2015 12:29:46 UTC+10, Peter Gutmann wrote: >>> base. If you look at Mozilla's own figures at >>> https://input.mozilla.org/en-US/, they have a 90% dissatisfaction rating >>> from >> >> To make my

Re: Firefox security too strict (HSTS?)?

On Friday, 18 September 2015 12:29:46 UTC+10, Peter Gutmann wrote: > AnilG writes: > > >This is really big picture here: I've looked up and suddenly seen Firefox > >market share trajectory looking like we need some steering input fast. This > >is a 3 to 6 year picture of decline so it will take

Re: Firefox security too strict (HSTS?)?

On Friday, 18 September 2015 12:29:46 UTC+10, Peter Gutmann wrote: > base. If you look at Mozilla's own figures at > https://input.mozilla.org/en-US/, they have a 90% dissatisfaction rating from To make my point again, I can't access https://input.mozilla.org/en-US/ from Firefox, I have to use

Re: Firefox security too strict (HSTS?)?

Co-incidentally, now that I've resolved that certificate problem, I am now getting an issue connecting to https://support.mozilla.org/1/firefox/40.0.3/Darwin/en-GB/clicktoplay Secure Connection Failed The connection to support.mozilla.org was interrupted while the page was loading. The page

Re: Firefox security too strict (HSTS?)?

On 9/16/15 1:13 AM, Kurt Roeckx wrote: I think they can distribute the certificate for use by chrome and internet explorer by using the group policy and so it's trivial for them to distribute it to all the PCs. It might be a little bit more complicated to do the same for Firefox. We have

Re: Firefox security too strict (HSTS?)?

On Wed, Sep 16, 2015 at 02:51:28PM -0700, AnilG wrote: > > there's another issue blocking them for Firefox: Secure Connection Failed. > The connection to wiki.mozilla.org was interrupted while the page was loading. I wonder if firefox is using certificate pinning for *.mozilla.org. Kurt

Re: Firefox security too strict (HSTS?)?

On Thursday, 17 September 2015 08:02:21 UTC+10, David Keeler wrote: > On 09/16/2015 02:51 PM, AnilG wrote: > > Thanks Kathleen, those links might be helpful. I'm following them up in > > Chrome because there's another issue blocking them for Firefox: Secure > > Connection Failed. The connection

Re: Firefox security too strict (HSTS?)?

On 09/16/2015 02:51 PM, AnilG wrote: > Thanks Kathleen, those links might be helpful. I'm following them up in > Chrome because there's another issue blocking them for Firefox: Secure > Connection Failed. The connection to wiki.mozilla.org was interrupted while > the page was loading. The page

Re: Firefox security too strict (HSTS?)?

Yes, some hosts are pinned: https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json MITM is *always* bad and breaks the web. Modern browsers, especially Firefox, have great features to protect the users and this is something good. I'm pretty sure your students

Re: Firefox security too strict (HSTS?)?

On Thursday, 17 September 2015 09:27:15 UTC+10, s...@gmx.ch wrote: > MITM is *always* bad and breaks the web. Modern browsers, especially > Firefox, have great features to protect the users and this is something > good. I'm pretty sure your students don't even know, that you attack > their

Re: Firefox security too strict (HSTS?)?

Chrome has pinning too (in fact, Firefox's baseline list for HSTS and pinning is extracted from there). AFAIK, Mozilla just didn't ask for their domains to be pinned in Chromium. I don't think lack of support for MITM attacks is a bug that should be addressed. It's a security liability even when

Re: Firefox security too strict (HSTS?)?

Thanks Gerv, I take your point. I think I do get a list of user certs from Keychain on Mac but I suppose that may not modify your response from a coding point of view. My point is that Firefox will be no good for the web if no one is using it. 1. I have seen Firefox go from recommended browser

Re: Firefox security too strict (HSTS?)?

On 15/09/15 01:12, Anil Gulati wrote: > To remove unnecessary impediments to Firefox use and adoption wouldn't it > make sense to configure Firefox to use the OS cert store by default, and > allow an option to use internal cert database? We would love it if the OS would give us a list of _just_

Re: Firefox security too strict (HSTS?)?

Thanks again, Chris. I've solved the problem and this sheds some light. I found the cert in the Mac OS X Keychain app and exported it from there. It exported with a different embedded CN for issuer and subject. The original raw cert I imported into Firefox seemed to have arbitrary free text in

Re: Firefox security too strict (HSTS?)?

On Sun, Sep 13, 2015 at 2:56 PM, AnilG wrote: Thanks Chris, I'll follow up with IT on this question. > You can check yourself if the chain you see chains up to the right root. In Chrome, click on the lock icon in the location bar, click the Connection Tab, and then

Re: Firefox security too strict (HSTS?)?

Thanks Richard and Kurt. I made sure I trusted it as much as possible :-) All three bits are set (checked / on / trusted): web, mail and software. On Saturday, 12 September 2015 13:18:52 UTC+10, Richard Barnes wrote: > On Fri, Sep 11, 2015 at 4:29 PM, Kurt Roeckx wrote: > > On

Re: Firefox security too strict (HSTS?)?

On Fri, Sep 11, 2015 at 03:34:21PM -0400, Richard Barnes wrote: > And that the certificate has the "identify websites" bit set? You mean that when it's important into firefox, he should say it should be trusted for websites? Or are you talking about an extention in the certificate itself? Kurt

Re: Firefox security too strict (HSTS?)?

On Fri, Sep 11, 2015 at 4:29 PM, Kurt Roeckx wrote: > On Fri, Sep 11, 2015 at 03:34:21PM -0400, Richard Barnes wrote: > > And that the certificate has the "identify websites" bit set? > > You mean that when it's important into firefox, he should say it > should be trusted for