- Package: iceweasel
- Source: firefox-esr
- Submitter: Pascal Meunier
- Date: 2025-09-18 07:31:51 UTC
- Severity: important
Dear Maintainer,

Since applying the iceweasel security update DSA 3050-1, sites not using SSLv3 but using SHA1 SSL certificates are not accessible with Iceweasel. It gives this error message: "You have asked Iceweasel to connect securely to xxxxxx (site name), but we can't confirm that your connection is secure."

These sites are reported by https://www.ssllabs.com/ssltest/analyze.html as not serving SSLv3, but using a SHA1 certificate. Sites configured absolutely identically, but not using SHA1 certificates, are accessed correctly by Iceweasel.

SHA1 is valid as part of TLS ciphers. Disabling SSLv3 does not need to disable SHA1 certificates. I believe the security update was overly aggressive.
I can't reproduce this issue on another machine with the same version of iceweasel. There must be something wrong with the first iceweasel installation, so please ignore this bug report. Sorry.
src:iceweasel has been superseded by src:firefox-esr in version 45.0esr-1 in March 2016. Transitional packages to ease upgrades were provided in the wheezy, jessie, stretch and buster releases. The transitional packages have been removed finally before the bullseye release in August 2021. After regular security support for buster ended in August 2022 and LTS support ended in June 2024, I'm closing the remaining bug reports now.

Andreas