Browser: hpkp fails

asked 2015-10-05 12:20:54 +0200

cy8aer gravatar image

updated 2015-10-05 12:40:25 +0200

According to the tests of https://projects.dm.id.lv/Public-Key-Pins_test the hpkp test https://pkptest.projects.dm.id.lv/ fails:

expected:

Page cannot be loaded

actual browser:

The actual browser shows a page which informs a failed hpkp test.

On https://projects.dm.id.lv/Public-Key-Pins_test, part Browser Compatibility Test we se a red "not supported" in HPKP line.

edit retag flag offensive close delete

Comments

1

because with 1.9.x we have a problem to open about:config I cannot say anything about the following parameters out of the browser (prefs.js later...):

  • security.cert_pinning.enforcement_level (Firefox 35+ value 1)
  • security.cert_pinning.process_headers_from_not_builtin_roots (Firefox 35+ value false)

These parameters are not explicit set in prefs.js

cy8aer ( 2015-10-05 12:25:26 +0200 )edit
1

tried:

user_pref("security.cert_pinning.enforcement_level", 1);
user_pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);

in prefs.js. Does not work either...

cy8aer ( 2015-10-05 14:34:17 +0200 )edit

To be fair, Firefox had exactly the ame problem. The update fixing it came out only this morning (41.0.1, 2015-10-05).

pichlo ( 2015-10-05 16:15:39 +0200 )edit