TLS 1.0 Hatin’ the Game

Wednesday, June 1, 2011

After much reading and interpreting, it became clear there was no more advice for configuration variations to get client cert login working. It seemed Chrome was doing it right, IE not even trying, and Firefox failing. No advice as to why and setting LogLevel to debug didn’t add much in the way of useful hints.

Jared Davenport, for reasons that would never have occurred to me, tried turning off TLS 1.0 in firefox as an allowed protocol. PCI compliance requires turning off a bunch of weaker/compromised protocols and ciphers anyway, so I already had:

SSLProtocol -ALL +SSLv3 +TLSv1

A quick test of

SSLProtocol -ALL +SSLv3

solved the problem with firefox. IE still refuses to talk to SSL, but IE is a stupidhead anyway. OK, it annoys me as the same client cert works on CACert.org’s site so something there is working right that isn’t on my box, but as I never use IE, I think I can let it go

Posted at 01:21:25 GMT-0700

Category: FreeBSD • Linux

Recent Posts
- The end of a comic era 2023 May 14
- WordPress forward and back navigation I find pleasing 2023 May 07
- عيد مبارك 2023 April 22
- Technology: maximizing individual radius of lethality. 2023 February 05
- Sidebar featured images only on single post pages 2023 January 24
- LastPass: The Cloud is Public and Ephemeral 2023 January 05
- Some gnuplot and datamash adventures 2022 December 29
- Smol bash script for finding oversize media files 2022 September 02
- Deep Learning Image Compression: nearly 10,000:1 compression ratio! 2022 June 28
- Audio Compression for Speech 2022 June 28
Categories
Categories
Links
Search
Search for:
Archives
Archives
Post History
June 2011

M T W T F S S

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30

« May Jul »

Gessel On…

TLS 1.0 Hatin’ the Game