Yesterday we checked in a larger change to the trunk that affects secure
connections (SSL/TLS) in all Mozilla applications.

The new code is active whenever you access a site using a protocol like
https:// or imap+ssl or smtp+tls, etc.

The purpose of the change is to make OCSP (certificate validation) work
through proxies (see bug 111384).

When testing nightly trunk builds of Firefox, Thunderbird or SeaMonkey,
please report any regressions in bugzilla.mozilla.org to the
"Core/Security PSM" component.

Should the change have introduced regressions to SSL/TLS, you should run
into them, regardless whether you actually use the OCSP feature.

However, if you'd like to test further, feel free to enable the "Use
OCSP to validate certificates that specify an OCSP service URL" feature.
Even if you're behind a firewall that requires the use of a proxy, it
should work with latest nightly trunk builds.

To enable go to:
Firefox: Edit/Prefs/Advanced/Security/Verification
Thunderbird: Edit/Prefs/Privacy/Security/Verification
SeaMonkey: Edit/Prefs/Privacy&Security/Validation

Thanks for your help!
Kai

Is the error message ("Dearpark and secureads.ft.com can not
communicate securily because they have no common encryption
algorithms?") generated from
http://news.ft.com/cms/s/257d272e-c665-11da-99fa-0000779e2340.html
anything to do with this?

No, https://secureads.ft.com/ is an OLD "export" version of the Netscape
Enterprise Server, version 3.6, which only was capable of the old "40-bit"
cipher suites.  Those 40-bit cipher suites are now disabled by default
in deerpark.  AFAIK, that has nothing to do with Kai's recent work.

Thanks for reporting that site.
--
Nelson B

Yes, this is a known issue with that site:
https://bugzilla.mozilla.org/show_bug.cgi?id=332667

Kai Engert has sent a message to the webmaster of that
site.

Wan-Teh