TLS 1.0 Hatin’ the Game

Wednesday, June 1, 2011

After much reading and interpreting, it became clear there was no more advice for configuration variations to get client cert login working. It seemed Chrome was doing it right, IE not even trying, and Firefox failing. No advice as to why and setting LogLevel to debug didn’t add much in the way of useful hints.

Jared Davenport, for reasons that would never have occurred to me, tried turning off TLS 1.0 in firefox as an allowed protocol. PCI compliance requires turning off a bunch of weaker/compromised protocols and ciphers anyway, so I already had:

SSLProtocol -ALL +SSLv3 +TLSv1

A quick test of

SSLProtocol -ALL +SSLv3

solved the problem with firefox. IE still refuses to talk to SSL, but IE is a stupidhead anyway. OK, it annoys me as the same client cert works on CACert.org’s site so something there is working right that isn’t on my box, but as I never use IE, I think I can let it go

Posted at 01:21:25 GMT-0700

Category: FreeBSD • Linux

Recent Posts
- TB 128 is coming. Lock your doors and hide your wife.2024 September 04
- Goodbye, Tortuga.2024 April 25
- A one page home/new tab page with random pictures, time, and weather2024 April 11
- Putting ccache on a backed RAM disk to speed compiles2024 March 16
- Audio File Analysis With Sox2024 February 07
- Manually Update Time Zone Data on Android 102023 October 31
- Autodictating to self using Whisper to preserve privacy2023 August 17
- Projecting Qubit Realizations to the Cryptopocalpyse Date2023 August 04
- AI PSYOPS are changing strategic messaging2023 July 29
- Convert A Slideshow/Presentation into HTML 5 Video2023 July 23
Categories
Categories
Links
Search
Search for:
Archives
Archives
Post History
June 2011
M T W T F S S
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30
« MayJul »

Gessel On…

TLS 1.0 Hatin’ the Game