(In reply to Wolfgang Rosenauer from comment #10) > I'm pretty sure I've got the right packages installed to test. But I only > was able to look at the certificate module manager. For some reason my > cacert access is not working anyway. Firefox is telling me that the > algorithms are disabled for security reasons. You're getting this error? | Your connection is not secure | [...] | ADVANCED | secure.cacert.org uses an invalid security certificate. The certificate is | not trusted because it was signed using a signature algorithm that was | disabled because that algorithm is not secure. Error code: | SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED That actually seems to be an misconfiguration by CaCert or maybe it's a misunderstanding by Firefox, because the CaCert root CA isn't in Firefox by default and uses MD5 (for a root CA itself it's still OK to use MD5, but Firefox just doesn't know, that CaCert is a root CA). Just click ADD_EXCEPTION and disable PERMANENTLY_STORE_THIS_EXCEPTION for the moment. > But if I understand you correctly: > The TW version from mozilla works on 42.3 correctly while the 42.3 version > on TW and 42.3 does not, right? Yes! Like that. > Both are built from the same sources and spec so a guess would be some > miscompilation. > Have you also switched all the NSS packages or just Firefox? For both tests (Firefox for TW on 42.3 and Firefox for 42.3 on TW) I installed all the NSS packages from mozilla. Actually I switched every required package to the mozilla repo, if available from that repo. MozillaFirefox MozillaFirefox-branding-openSUSE kmozillahelper libfreebl3 libnsssharedhelper0 libsoftokn3 mozilla-nspr mozilla-nspr-devel mozilla-nss mozilla-nss-devel mozilla-nss-certs The only idea I'm currently having: Maybe Firefox-57 (or one of the just listed packages) needs to be build against libz1 >= 1.2.9 (TW has libz1-1.2.11)!? Because on 42.3 I needed to update libz1 from 1.2.8 to >= 1.2.9 to make Firefox-57 work.