Bug 7547 - SSL renegotiation indication (RFC 5746) support for https://*.samba.org
Status: RESOLVED FIXED
Product: Samba Web
Classification: Unclassified
Component: content
Version: current
Hardware: All All
Importance: P3 minor
Assignee: Karolin Seeger
Reported: 2010-07-03 14:14 UTC by Matt McCutchen
Modified: 2011-03-14 19:51 UTC
Description Matt McCutchen 2010-07-03 14:14:20 UTC
Please support RFC 5746 (http://tools.ietf.org/html/rfc5746) on the samba.org SSL sites.  In the future, this will be required for them to receive the blue SSL badge in Firefox (see https://bugzilla.mozilla.org/show_bug.cgi?id=535649).  It should just be a matter of upgrading OpenSSL to >= 1.0.0.
Comment 1 Björn Jacke 2011-03-14 17:10:01 UTC
at least bugzilla.samba.org has the blue badge in FF4, even though there is no openssl 1.x installed. All servers will be updated sooner or later anyhow and get support for that by the new openssl version then, right? We won't update a server just to support "this nice to have" rfc 5746 stuff, so I'm closing this as a "worksforme".
Comment 2 Matt McCutchen 2011-03-14 17:44:20 UTC
I retested all the Samba sites, and they appear to be fixed now.

(In reply to comment #1)
> at least bugzilla.samba.org has the blue badge in FF4,

security.ssl.treat_unsafe_negotiation_as_broken still defaults to false in Firefox 4, so that means nothing unless you changed the pref manually.

> even though there is no
> openssl 1.x installed. All servers will be updated sooner or later anyhow and
> get support for that by the new openssl version then, right?

Right.  In fact, openssl 0.9.8g-15+lenny10 with renegotiation indication support (backported from newer upstream openssl) was released on January 6, and the feature had been in squeeze long before that.

> We won't update a
> server just to support "this nice to have" rfc 5746 stuff, so I'm closing this
> as a "worksforme".

The correct resolution in such a case would be WONTFIX.  But the problem is in fact fixed.
Comment 3 Björn Jacke 2011-03-14 19:51:31 UTC
thanks for the feedback, Matt!