Desktop and Mobile Firefox throwing a certificate error on the BBS

Mea Culpa.

Short version: Browsers which use HTTP/2 had a brief moment of unhappiness when an unexpected side-effect of a security update caused Confusion and Delay.

Tech-weenie details: I adjusted the TLS cipher suite selection to mitigate the Sweet32 attack, and managed to change the priority of cipher selection such that some ciphers blacklisted in HTTP/2 were chosen above other, HTTP/2-friendly ciphers. At first, this only impacted recent Firefox versions, but because no two implementations can ever agree on what a standard actually means, my first attempt at fixing the problem caused problems for IE and Safari instead.

All is well now, and unless some cryptographer comes up with another way to break TLS in the next little while, things should stay well.

13 Likes
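The ordering problem described in the post above can be checked before a cipher change is deployed. The following is an added example, not part of the original post or the site's configuration: the cipher lists are constructed samples in OpenSSL naming, and `http2_ok` is a heuristic for the rule stated in RFC 7540 Appendix A (suites without ephemeral key exchange or without an AEAD mode are blacklisted).

```python
# Added example: audit a TLS 1.2 server cipher preference list (OpenSSL names).
AEAD = ("GCM", "CCM", "CHACHA20")
EPHEMERAL = ("ECDHE-", "DHE-")
BLOCK64 = ("DES", "IDEA", "RC2")  # 64-bit block ciphers, the Sweet32 concern


def http2_ok(cipher):
    """Heuristic for RFC 7540 Appendix A: ephemeral key exchange plus AEAD."""
    return cipher.startswith(EPHEMERAL) and any(m in cipher for m in AEAD)


def sweet32_exposed(cipher):
    return any(m in cipher for m in BLOCK64)


def negotiate(server_order, client_offer):
    """Server-preference selection: first server cipher the client also offers."""
    offered = set(client_offer)
    return next((c for c in server_order if c in offered), None)


def misordered(server_order):
    """True if an HTTP/2-friendly cipher is ranked below a blacklisted one."""
    flags = [http2_ok(c) for c in server_order]
    return any(ok and not all(flags[:i]) for i, ok in enumerate(flags))


def audit(server_order, client_offer):
    chosen = negotiate(server_order, client_offer)
    return {
        "chosen": chosen,
        "chosen_http2_ok": chosen is not None and http2_ok(chosen),
        "sweet32": [c for c in server_order if sweet32_exposed(c)],
        "misordered": misordered(server_order),
    }


# Constructed sample lists, not the site's real configuration.
CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384", "AES128-SHA"]
ORIGINAL = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384", "DES-CBC3-SHA"]
BROKEN = ["ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]
FIXED = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384", "AES128-SHA"]

if __name__ == "__main__":
    for label, order in (("original", ORIGINAL), ("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit(order, CLIENT))
```

In the constructed `BROKEN` list the 3DES suite is gone, so the Sweet32 check passes, but a CBC suite outranks the GCM suite and is what an HTTP/2 client ends up negotiating.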