http://bugzilla.suse.com/show_bug.cgi?id=1071298 Bug ID: 1071298 Summary: openSUSE Firefox-57 can't use x509 client authentication Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Firefox Assignee: bnc-team-mozilla@forge.provo.novell.com Reporter: duge@pre-sense.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I hope this is the right place for this. If I use Firefox-57 from the download.opensuse.org Mozilla repo on openSUSE 42.3, I can't use x509 client authentication anymore. https://download.opensuse.org/repositories/mozilla/openSUSE_Leap_42.3/ Instead of a dialog asking me to choose a certificate, I'm getting this message: | Secure Connection Failed | | An error occurred during a connection to intern.pre-sense.de. SSL peer | was unable to negotiate an acceptable set of security parameters. | Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT | | The page you are trying to view cannot be shown because the | authenticity of the received data could not be verified. | Please contact the website owners to inform them of this problem. ATTENTION: This is the same message, as if you don't have any x509 client certificate installed in Firefox. So make sure to import your certificate into Firefox before testing. For testing create an account at https://www.cacert.org, get a certificate and enable it for authentication with CaCert. Then try to login via client certificate. It's not working with: - Firefox-57 from https://download.opensuse.org/repositories/mozilla/openSUSE_Leap_42.3/ It's working with: - The official Firefox-52.5.0 from openSUSE-42.3 - Firefox-57 downloaded directly from Mozilla: https://ftp.mozilla.org/pub/firefox/releases/57.0.1/linux-x86_64/ - The official Firefox-57.0.1 on openSUSE-Tumbleweed-KDE-Live-x86_64-Snapshot20171204-Media.iso I installed the following packages from the download.opensuse.org Mozilla repo (also tested with Firefox-57.0.1 before a few minutes): MozillaFirefox-57.0-4.2.x86_64 MozillaFirefox-branding-openSUSE-45-3.1.x86_64 MozillaFirefox-translations-common-57.0-4.2.x86_64 libnsssharedhelper0-1.0.10-1.1.x86_64 libsoftokn3-3.33-2.1.x86_64 libfreebl3-3.33-2.1.x86_64 mozilla-nspr-4.17-1.1.x86_64 mozilla-nspr-devel-4.17-1.1.x86_64 mozilla-nss-3.33-2.1.x86_64 mozilla-nss-devel-3.33-2.1.x86_64 mozilla-nss-certs-3.33-2.1.x86_64 I maybe got one little clue what's wrong: In Firefox-57 from mozilla.org and Tumbleweed-20171204 Settings -> Advanced -> Certificates -> Security Devices -> Software Security Device -> Status says: Ready In Firefox-57 from that download.opensuse.org Mozilla repo Status says: Not Logged In If I click "Log In" Firefox asks for the master password and aftrwards the status is "Logged In". But I don't get status "Ready". Additionally in Firefox-52.5.0 from the normal openSUSE-42.3 repos, the value for "FW Version" is "6.0". But for Firefox-57 from mozilla.org, download.opensuse.org->mozilla and Tumbleweed-20171204 "FW Version" is "0.0". Nevertheless, Firefox-57 from mozilla.org and Tumbleweed are working fine for x509 client authentication. -- You are receiving this mail because: You are on the CC list for the bug.