MozillaWiki

SecurityEngineering/mozpkix-testing: Difference between revisions

Page Discussion

SecurityEngineering/mozpkix-testing (view source)

Revision as of 20:19, 23 April 2014

81 bytes added ,  23 April 2014
m
→‎Behavior Changes
Line 72: Line 72:


= Behavior Changes =
= Behavior Changes =
Mozilla::pkix includess some changes in support of current best practices and policies, as listed below. If you notice an issue due to any of these changes, please feel free to let us know. However, we believe that in most cases, the simplest resolution will be to update the SSL certificate in your webserver.  
Mozilla::pkix includes some changes in support of current best practices and policies, as listed below. If you notice an issue due to any of these changes, please feel free to [https://groups.google.com/d/msg/mozilla.dev.tech.crypto/EbWse7Ryj8I/mgNRW4yGAwUJ let us know]. However, we believe that in most cases, the simplest resolution will be to update the SSL certificate in your webserver.  
# Mozilla::pkix does not allow x509 version 2 certificates in any position (root, intermediate or End-Entity (EE))  and version 1 certificates are only allowed as trust anchors.  
# Mozilla::pkix does not allow x509 version 2 certificates in any position (root, intermediate or End-Entity (EE))  and version 1 certificates are only allowed as trust anchors.  
# End certificates used by servers are not allowed to have basic constraints asserting isCA=TRUE.  
# End certificates used by servers are not allowed to have basic constraints asserting isCA=TRUE.  
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/968172"