X
Tap here to go to the mobile version of the site.

Support Forum

Firefox 4.0 and 4.0.1 can NOT handle multiple user certificates for a secure site (Firefox 2.x.y and 3.x.y CAN!!!)

Posted

When you access a secure site with a user certificate Firefox 4.0 and 4.0.1, fail and the server says:


Secure Connection Failed An error occurred during a connection to www...com (Error code: ssl_error_renegotiation_not_allowed) The page you are trying to view can not be shown because the authenticity of the received data could not be verified. Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.


The problem is not the site, Firefox 3.x.y works perfect!, it ask the user for the Master Password and then to select which one of the certificates must be used (also ask if this decision will be permanent until Firefox Exit, this allow the user NOT to answer this certificate question every time a negotiation start with the server).

This is obviously a BUG (an awful one), because security should be a priority (if not, you can use Microsoft Explorer)

When you access a secure site with a user certificate Firefox 4.0 and 4.0.1, fail and the server says: --------------------------------------- Secure Connection Failed An error occurred during a connection to www...com (Error code: ssl_error_renegotiation_not_allowed) The page you are trying to view can not be shown because the authenticity of the received data could not be verified. Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. --------------------------------------- The problem is not the site, Firefox 3.x.y works perfect!, it ask the user for the Master Password and then to select which one of the certificates must be used (also ask if this decision will be permanent until Firefox Exit, this allow the user NOT to answer this certificate question every time a negotiation start with the server). This is obviously a BUG (an awful one), because security should be a priority (if not, you can use Microsoft Explorer)

Modified by fgil

Chosen solution

No, it is not a bug, but it is a fixed bug about a security issue that should fixed on web servers. Firefox 4 doesn't allow this anymore.

See:


You can look at the pref security.ssl.renego_unrestricted_hosts on the about:config page and add the sites that you want to allow to the string value.

To open the about:config page, type about:config in the location (address) bar and press the "Enter" key, just like you type the url of a website to open a website.
If you see a warning then you can confirm that you want to access that page.

Read this answer in context 5

Additional System Details

Sites Affected

http://

Installed Plug-ins

  • Office Plugin for Netscape Navigator
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Shockwave Flash 10.1 r102
  • Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
  • Adobe PDF Plug-In For Firefox and Netscape

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

More Information

cor-el
  • Top 10 Contributor
  • Moderator
17416 solutions 157343 answers

Chosen Solution

No, it is not a bug, but it is a fixed bug about a security issue that should fixed on web servers. Firefox 4 doesn't allow this anymore.

See:


You can look at the pref security.ssl.renego_unrestricted_hosts on the about:config page and add the sites that you want to allow to the string value.

To open the about:config page, type about:config in the location (address) bar and press the "Enter" key, just like you type the url of a website to open a website.
If you see a warning then you can confirm that you want to access that page.

No, it is not a bug, but it is a fixed bug about a security issue that should fixed on web servers. Firefox 4 doesn't allow this anymore. See: * http://wiki.mozilla.org/Security:Renegotiation ---- You can look at the pref <b>security.ssl.renego_unrestricted_hosts</b> on the <b>about:config</b> page and add the sites that you want to allow to the string value. To open the <i>about:config</i> page, type <b>about:config</b> in the location (address) bar and press the "<i>Enter</i>" key, just like you type the url of a website to open a website.<br /> If you see a warning then you can confirm that you want to access that page.<br />

Question owner

Thanks!!!, I see, there is a problem with the old SSL/TLS protocol version that allow a man in the middle attack if renegotiation is active, is not a problem managing the certificates.

thank you again.

Thanks!!!, I see, there is a problem with the old SSL/TLS protocol version that allow a man in the middle attack if renegotiation is active, is not a problem managing the certificates. thank you again.
cor-el
  • Top 10 Contributor
  • Moderator
17416 solutions 157343 answers

Helpful Reply

You're welcome

You're welcome
Vyre 0 solutions 1 answers

So......how do I -FIX- this? my bank won't let me see my account information anymore because of this $%#@ing problem!

So......how do I -FIX- this? my bank won't let me see my account information anymore because of this $%#@ing problem!
jim7963 0 solutions 1 answers

On the about:config page, at the pref security.ssl.renego_unrestricted_hosts you can make a double-click and type the web adresses separate by commas (www.adress1.com,www.adress2.fr,...) you want to allow. I've tested it and it works.

On the '''about:config''' page, at the pref '''security.ssl.renego_unrestricted_hosts''' you can make a double-click and type the web adresses separate by commas (www.adress1.com,www.adress2.fr,...) you want to allow. I've tested it and it works.

Modified by jim7963

tuturutko 0 solutions 2 answers

Hi, i have this problem to, but i have a terminal server and i want to make a changes to all users. Where have to make these changes? I forgot to say the i use Mozilla Firefox 5.0

Thank you in advance.
Hi, i have this problem to, but i have a terminal server and i want to make a changes to all users. Where have to make these changes? I forgot to say the i use Mozilla Firefox 5.0 Thank you in advance.

Modified by tuturutko

tuturutko 0 solutions 2 answers

Nice, what a great forum 1 week and no answer. Good job.

Nice, what a great forum 1 week and no answer. Good job.