cancel
Showing results for 
Search instead for 
Did you mean: 

client certificate authentication not working in FF4?

Highlighted
Occasional Contributor

client certificate authentication not working in FF4?

Hi all,

I upgraded to Firefox 4 yesterday and today I found out I can't connect to our SA boxes. I'm getting the following error after I submit my credentials:

Secure Connection Failed
An error occurred during a connection to ****.
Renegotiation is not allowed on this SSL socket.
(Error code: ssl_error_renegotiation_not_allowed)

It only occurs when using 2-factor authentication with the second factor being a user certificate, but we use it a lot. I tried it with IVE versions 6.5r2 and 7.0R4 and the result is the same.


3 REPLIES 3
Highlighted
Occasional Contributor

Re: client certificate authentication not working in FF4?

Hmm, it seem it was intentional on Firefox side. And according to http://en.wikipedia.org/wiki/Transport_Layer_Security it can break the client certificate authentication.

So one option would be to enable the renegotiation temporarily (http://dotomaz.tumblr.com/post/786443743/firefox-4-0b1-and-ssl-renegotiation), until a better solution is found.

Highlighted
New Contributor

Re: client certificate authentication not working in FF4?

hey the mentioned setting is true for ALL connections! Think about to set just:

security.ssl.renego_unrestricted_hosts

and enter your exception like:

webmail.example.com

Trackback: https://support.mozilla.com/de/questions/744718 (comment by ssd28)

Update: look at: http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB20762

Highlighted
Respected Contributor

Re: client certificate authentication not working in FF4?

that message for the renegotiation is correct behavior until an upgrade to 7.1Rx is done.