This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox 39.02a Developer Edition supports RSASSA-PSS algorithm: Will it be in the final release for sure?

  • 5 replies
  • 3 have this problem
  • 18 views
  • Last reply by cdeibert

more options

Firefox 39.02a Developer Edition supports RSASSA-PSS (1.2.840.113549.1.1.10) algorithm, a PKCS#1 v1.5 signature: I couldn't find any Release Notes about it, but support seems to be implemented since 39.02a: As it is a crucial decision for us as a company I need to know if it'll be implemented in the final release of FF 39 and if 2015-06-29 is still accurate as the announced release date for this version of Firefox.

Kind regards, Carsten

Firefox 39.02a Developer Edition supports RSASSA-PSS (1.2.840.113549.1.1.10) algorithm, a PKCS#1 v1.5 signature: I couldn't find any Release Notes about it, but support seems to be implemented since 39.02a: As it is a crucial decision for us as a company I need to know if it'll be implemented in the final release of FF 39 and if 2015-06-29 is still accurate as the announced release date for this version of Firefox. Kind regards, Carsten

All Replies (5)

more options

Sorry, Typo: It's Firefox 39.0a2 :)

more options

I'm fairly sure this isn't supported, actually. Are your sure your certificate isn't falling back to a different algorithm?

This bug is where support for RSA PPS was happening, but it has been around since 2002, and hasn't been updated in over a year.

If you are absolutely sure that it is supported (although I'm fairly sure it isn't), then there is a very large chance it will make it into release. However, nothing is guaranteed. If a change causes major problems, it will be removed. As far as release dates, that won't change. Sometimes, the release will be held back by a few days (rarely up to a week) if there is a major problem with it, but that doesn't happen very often.

more options

Thanks for your answer. Well, at least I can tell it works in FF 39.0a2 and also in FF 40.0a1 whih actually would not be a total surprise as IE and Chrome both support RSA PPS. As always in life: It would be better to actually know than to believe (no offense!): How can the devs be contacted? Somebody needs to know for sure.

more options

See also:

  • bug 1088140 - SEC_ERROR_BAD_DER on certificates with RSA-PSS signatures and/or RSA-PSS public keys
more options

Thank you all! One final thing: FF37/38 both have a problem with TLS_RSA_WITH_AES_128_CBC_SHA and TLS 1.2: I habe to turn it off serverwise and only allow for TLS 1.0: Known?