Firefox error console reports "server does not support RFC 5746, see CVE-2009-3555" error

  • 7008600
  • 18-May-2011
  • 26-Apr-2012


Novell Access Manager 3.1 Linux based Access Gateway Service on SLES 11
Novell Access Manager 3.1 Support Pack 3 applied


Access Manager configured and working fine - users accessing protected resources on the 
Linux based Access Gateway service (AGS) can authenticate and get access to the applications.
However when hitting a protected resource on the AGS, an error is returned that the AGS
does NOT support rfc 5746 on SSL renogotiations. This was supposedly addressed in Access Manager
3.1 SP3 for all components.

To duplicate:

a) clear Firefox Error Console messages in Firefox by clicking on Tools->Error
Console -> Clear.

b) Go to any URL on the AGS:

c) Look at the error console and you will see multiple messages of the
following format: : server does not support RFC 5746, see CVE-2009-3555


Make sure that the SLES11 platform that the AGS is running on has the latest OpenSSL modules. In our case version 30.22 took care of the issue. The SLES11 SP1 patch would also have taken care of the issue as it ships with



The AGS on Linux uses the openssl libraries from the server itself. The Windows equivalent includes the openSSL binaries.