Confirmed users, Administrators
5,526
edits
Line 72: | Line 72: | ||
= Behavior Changes = | = Behavior Changes = | ||
Mozilla::pkix | Mozilla::pkix includes some changes in support of current best practices and policies, as listed below. If you notice an issue due to any of these changes, please feel free to [https://groups.google.com/d/msg/mozilla.dev.tech.crypto/EbWse7Ryj8I/mgNRW4yGAwUJ let us know]. However, we believe that in most cases, the simplest resolution will be to update the SSL certificate in your webserver. | ||
# Mozilla::pkix does not allow x509 version 2 certificates in any position (root, intermediate or End-Entity (EE)) and version 1 certificates are only allowed as trust anchors. | # Mozilla::pkix does not allow x509 version 2 certificates in any position (root, intermediate or End-Entity (EE)) and version 1 certificates are only allowed as trust anchors. | ||
# End certificates used by servers are not allowed to have basic constraints asserting isCA=TRUE. | # End certificates used by servers are not allowed to have basic constraints asserting isCA=TRUE. |