Environment
Novell Access Manager 3.1 SP3 IR2 Linux Access Gateway
RFC 5746 - SSL Secure Renegotiation
Situation
Purpose:
Access a resource protected by the Linux Access Gateway (LAG) appliance with the following Firefox configuration parameter set:
security.ssl.require_safe_negotiation = true
Symptoms:
The protected resource is not accessible and Firefox triggers the following error:
"ssl_error_unsafe_negotiation"
If the Firefox parameter "security.ssl.require_safe_negotiation" is set to "false", the protected resource is accessible, but the Firefox error console reports the following:
"server does not support RFC 5746, see CVE-2009-3555."
Resolution
The first LAG release that fully supports RFC 5746 for SSL renegotiation is 3.1 SP4 (3.1.4-27).
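
A server signals RFC 5746 support by returning the renegotiation_info extension (type 0xff01) in its ServerHello, which is what Firefox checks before raising the errors above. The following is an added example, not Novell code: it parses a ServerHello handshake message for that extension, and the helper build_server_hello and its sample messages are constructed for illustration.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746

def build_server_hello(extensions):
    """Build a constructed TLS 1.0 ServerHello (sample input, not a capture)."""
    ext_block = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x01"      # server_version: TLS 1.0
            + bytes(32)      # random (all zeros, constructed)
            + b"\x00"        # empty session_id
            + b"\x00\x2f"    # cipher suite TLS_RSA_WITH_AES_128_CBC_SHA
            + b"\x00")       # null compression
    if extensions:
        body += struct.pack("!H", len(ext_block)) + ext_block
    return b"\x02" + len(body).to_bytes(3, "big") + body

def supports_rfc5746(msg):
    """True if an initial-handshake ServerHello carries renegotiation_info."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length or len(body) < 38:
        raise ValueError("truncated ServerHello")
    # Skip version (2), random (32), session_id, cipher suite (2), compression (1).
    pos = 35 + body[34] + 3
    if pos > len(body):
        raise ValueError("truncated ServerHello")
    if pos + 2 > len(body):
        return False  # no extensions block at all: server predates RFC 5746
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    if end > len(body):
        raise ValueError("extensions overrun the message")
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        if ext_type == RENEGOTIATION_INFO:
            # On an initial handshake renegotiated_connection must be empty,
            # so the extension data is the single length byte 0x00.
            return data == b"\x00"
        pos += 4 + ext_len
    return False

if __name__ == "__main__":
    print("no extensions:", supports_rfc5746(build_server_hello([])))
    print("renegotiation_info:",
          supports_rfc5746(build_server_hello([(RENEGOTIATION_INFO, b"\x00")])))
```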