Forum Discussion
NimbostratusSSL client profile, with client certificate auth, stopped working this week with Firefox 27.0 update
NimbostratusSame problem here. On-Demand Certificate Authentication no longer works with latest Chrome or Firefox. With Chrome, problem started after updating to version 33.0.1750.117. I think the security fix CVE-2013-6659 is the root cause to this problem:
"The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation."
That's exactly what's happening here with the Virtual Server that has certificate from public CA and Trusted Root chain from private CA for Client Certificate Authentication.
At least it definitely has something to do with TLS1.2 because disabling it in the ClientSSL profile "fixes" the problem. Any help?
Simon_Hill_1215I am experiencing exactly the same problem as n0vac - Chrome v33.0.1750.154 on Windows 8.1 and Windows 7 SP1. On-Demand Certificate authentication event causes ERR_SSL_PROTOCOL_ERROR - picking up the client cert as part of the initial SSL negotiation does not. NoTLSv1.2 option on the client SSL profile 'fixes' it. Simon.- n0vac_65442I opened a case because of this problem. I hope they can find a solution for this.
