Mmm, I guess a little goolging never hurts:
https://developer.mozilla.org/NSS_3.12.5_release_notes
All SSL3/TLS renegotiation is disabled by default in NSS 3.12.5, which
is used in bleeding-edge Mozilla stuff...
Good to know...
Is there a way to disable this feature for a domain, a destination ?
temporarily ?
I see there that " If an application depends on renegotiation feature,
it can be enabled by setting the environment variable
NSS_SSL_ENABLE_RENEGOTIATION to 1. By setting this environmental
variable, the fix provided by these patches will have no effect and the
application may become vulnerable to the issue."
How can I set this environment variable ? is there a preference to set
in about:config ?
thanks to all (and thanks to all the developers for Seamonkey !!)
Dominique
Environment variables are set outside of SeaMonkey. How/where you set
them depends on your operating system. For example, if you're running
Windows/XP, one way is to right click on the My Computer desktop icon
and select Properties. Then click on the Advanced tab, then the
Environment Variables button.
On this page, you can set the Environment variable for the logged-in
user, or for all users (system variables). Note that if you set it
for the logged-in user, you may need to log out and back in for the
setting to take effect.
Best Regards,
Thanks a lot !
Something to remember as the vulnerability is still open !
Dominique