problems with client certificate authentication in Firefox 4
Hi,
I have been having a problem with client certificate authentication since I upgraded from Firefox 3.6 to 4. I can choose the certificate, but then I receive an
SSL peer was not expecting a handshake message it received.
(Error code: ssl_error_handshake_unexpected_alert)
And in the Apache error log I receive the following:
[Sun Apr 17 00:07:20 2011] [error] Re-negotiation handshake failed: Not accepted by client!?
If I just press F5 and reload, the page loads normally. In Firefox 3.6 and IE 8, 9 it works fine.
All Replies (4)
+1 I'm having the same problem
This issue only occurs when using URL-based authentication -- so as a workaround, you could create a separate vhost where client certificates are always required. Unfortunately this requires a separate certificate and another IP address.
EDIT: I have submitted a bug report for this: Bugzilla #651897
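The workaround described in the reply above, sketched as an Apache 2.2 mod_ssl configuration. This is an added example, not configuration posted in the thread; the host names, IP addresses, file paths and the `/secure` path are placeholders. With `SSLVerifyClient` set per location, mod_ssl has to renegotiate the TLS session after it has read the request, which is the step that fails in the log line quoted in the question; with it set at vhost level, the certificate is requested in the initial handshake.

```apache
# URL-based client certificate authentication (placeholder names throughout).
# The certificate is only required under /secure, so mod_ssl renegotiates
# after reading the HTTP request for that path.
<VirtualHost 192.0.2.10:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.org.key
    SSLCACertificateFile  /etc/ssl/certs/client-ca.crt

    SSLVerifyClient none
    <Location /secure>
        SSLVerifyClient require
        SSLVerifyDepth  1
    </Location>
</VirtualHost>

# Workaround: a dedicated vhost on its own IP address with its own
# certificate, where a client certificate is always required. The request
# for the certificate is part of the first handshake, so no renegotiation
# takes place.
<VirtualHost 192.0.2.11:443>
    ServerName secure.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/secure.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/secure.example.org.key
    SSLCACertificateFile  /etc/ssl/certs/client-ca.crt

    SSLVerifyClient require
    SSLVerifyDepth  1
</VirtualHost>
```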
Does your server support secure renegotiation? To check, go to https://www.ssllabs.com/, put your server's domain name into the "Test Your SSL Server Now!" input box, and click Submit. SSLLabs will do a bunch of tests which take a while. Afterwards, in the report you will see a line in the "Miscellaneous" section called "Renegotiation", with the value "Secure Renegotiation Supported." If you see something else, then your server doesn't support secure renegotiation; enable it to resolve this issue. How you enable it depends on the server and/or SSL accelerator (load balancer) you are using.
Yes, the server supports secure renegotiation. I am using Apache 2.2.16 compiled with OpenSSL 0.9.8o. Here are the results from SSL Labs:
https://www.ssllabs.com/ssldb/analyze.html?d=ripemd.labsec.ufsc.br
Try to upgrade Firefox. It seems the error is only in Firefox 3.6.8 to 3.6.1x; see https://bugzilla.mozilla.org/show_bug.cgi?id=651897. It worked for my web page in these browsers:
- 3.5.15
- 7.0
- 8.0.1
And it doesn't work in:
- 3.6.16