Turn off the Ad Banner  

To print: Select File and then Print from your browser's menu.

    -----------------------------------------------
This story was printed from CdrInfo.com,
located at http://www.cdrinfo.com.
-----------------------------------------------

Appeared on: Friday, April 25, 2014
Mozilla To Strengthen SSL Certificate Verification in Firefox

Mozilla will implement a new certificate verification library in the Firefox 31 broser coming this July, and will reward for any critical security flaw found and reported in the new library's code.

Many of the certificate verification changes in the new library are subtle and are related to technical requirements specified in the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" issued by the Certification Authority/Browser (CAB) Forum. However, some of the behavior modifications also stem from changes Mozilla made to its own policy for trusting CA certificates.

While the majority of Firefox users are unlikely to notice anything out of the ordinary as a result of the new certificate verification system, some HTTPS websites might encounter problems.

"While we have performed extensive compatibility testing, it is possible that your website certificate will no longer validate with Firefox 31," the Mozilla Security Engineering Team said Thursday in a blog post. "This should not be a problem if you use a certificate issued by one of the CAs in Mozilla's CA Program, because they should already be issuing certificates according to Mozilla's CA Certificate Policy and the BRs (CAB Baseline Requirements)."

Mozilla also created a special bug bounty program that will pay out US$10,000 for any critical security flaw found and reported in the new library's code until the end of June.




Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2024 - All rights reserved -
Privacy policy - Contact Us .