We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox 39.02a Developer Edition supports RSASSA-PSS algorithm: Will it be in the final release for sure?

  • 5 replies
  • 3 have this problem
  • 18 views
  • Last reply by cdeibert

more options

Firefox 39.02a Developer Edition supports RSASSA-PSS (1.2.840.113549.1.1.10) algorithm, a PKCS#1 v1.5 signature: I couldn't find any Release Notes about it, but support seems to be implemented since 39.02a: As it is a crucial decision for us as a company I need to know if it'll be implemented in the final release of FF 39 and if 2015-06-29 is still accurate as the announced release date for this version of Firefox.

Kind regards, Carsten

Firefox 39.02a Developer Edition supports RSASSA-PSS (1.2.840.113549.1.1.10) algorithm, a PKCS#1 v1.5 signature: I couldn't find any Release Notes about it, but support seems to be implemented since 39.02a: As it is a crucial decision for us as a company I need to know if it'll be implemented in the final release of FF 39 and if 2015-06-29 is still accurate as the announced release date for this version of Firefox. Kind regards, Carsten

All Replies (5)

more options

Sorry, Typo: It's Firefox 39.0a2 :)

more options

I'm fairly sure this isn't supported, actually. Are your sure your certificate isn't falling back to a different algorithm?

This bug is where support for RSA PPS was happening, but it has been around since 2002, and hasn't been updated in over a year.

If you are absolutely sure that it is supported (although I'm fairly sure it isn't), then there is a very large chance it will make it into release. However, nothing is guaranteed. If a change causes major problems, it will be removed. As far as release dates, that won't change. Sometimes, the release will be held back by a few days (rarely up to a week) if there is a major problem with it, but that doesn't happen very often.

more options

Thanks for your answer. Well, at least I can tell it works in FF 39.0a2 and also in FF 40.0a1 whih actually would not be a total surprise as IE and Chrome both support RSA PPS. As always in life: It would be better to actually know than to believe (no offense!): How can the devs be contacted? Somebody needs to know for sure.

more options

See also:

  • bug 1088140 - SEC_ERROR_BAD_DER on certificates with RSA-PSS signatures and/or RSA-PSS public keys
more options

Thank you all! One final thing: FF37/38 both have a problem with TLS_RSA_WITH_AES_128_CBC_SHA and TLS 1.2: I habe to turn it off serverwise and only allow for TLS 1.0: Known?