Closed Bug 90249 Opened 24 years ago Closed 22 years ago

employeeexpress.gov - 128bit encryption is not seen as enabled by this site

Categories

(Tech Evangelism Graveyard :: English US, defect, P3)

Product:
Tech Evangelism Graveyard
Component:
English US
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: abrody, Unassigned)

References

(
URL
)

Details

(Whiteboard: [USERAGENT])

Using Fizilla 0.9.2 neither site above sees that you can use 128bit encryption and their tests fail Fizilla on the test. Is 128bit encryption there?
http://www.employeeexpress.gov uses useragent sniffing to determine whether a browser is "secure". They explicitly say their test is wrong for "Netscape 6" (and their JS has no branch for it). You should file an evangelism bug on them.... Where on http://www.tsp.gov is the security test? I can't find it.
->PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: ckritzer → junruh
Version: other → 2.0
p2 t->2.1
Priority: -- → P2
Target Milestone: --- → 2.1
Marking NEW.
Status: UNCONFIRMED → NEW
Ever confirmed: true
abrody@smart.net, can you answer my question on http://www.tsp.gov ?
He's probably talking about https://tspweb2.tspsec.tsp.gov/ At the time I tried to go there, the system mentioned a scheduled outage. Someone should try again when the outage has finished to see if it's still a problem. Possibly an evangelism bug too. - Adam
https://tspweb2.tspsec.tsp.gov/ cannot be used directly. One has to go to http://www.tsp.gov and select the "Account access" link, then click on the "Account access" link from the resulting page.
I removed TSP.gov, as now it does appear it works on the latest build and the security at least is working. Whether or not the login works is another thing, it wasn't able to get me a new PIN which I'm going to need since I lost it in my packing for a move! As soon as I move on the 23rd and get my new PIN I'll check it again. Employeeexpress.gov still for some reason won't show me the YES and No images which would show in Explorer.
URL: http://www.tsp.gov http://www.employe...http://www.employeeexpress.gov
Component: Client Library → Security: General
Product: PSM → Browser
Summary: 128bit encryption is not seen as enabled by these sites → 128bit encryption is not seen as enabled by this site
Target Milestone: 2.1 → mozilla0.9.2
Version: 2.0 → other
http://www.employeeexpress.gov, as I explained, assumes that only browsers it "knows" to have strong encryption have strong encryption. The list of acceptable browsers is hardcoded into the page and Mozilla/NS6 are not among them. http://www.employeeexpress.gov/browsers.htm explains their "policy", and says: * Any Netscape 4 version which is 4.06 or greater (other than Version 6.0) Please see the source of http://www.employeeexpress.gov/emain.htm for how they detect "secure browsers". Over to evangelism -- this is not a Mozilla bug.
Assignee: ssaux → bclary
Severity: critical → normal
Component: Security: General → Evangelism
OS: MacOS X → All
Priority: P2 → --
QA Contact: junruh → zach
Hardware: Macintosh → All
Whiteboard: [USERAGENT]
Target Milestone: mozilla0.9.2 → ---
reporter: you probably want the generic bug, mozilla OSX doesn't support https iirc. it should be easy to find, although it's possible it was fixed, i'm 90% sure it isn't.
That would be bug 73390. And it's fixed as of June 27.
All Evangelism Bugs are now in the Product Tech Evangelism. See bug 86997 for details.
Component: Evangelism → US English
Product: Browser → Tech Evangelism
Version: other → unspecified
OK, let me clarify what happens on TSP.gov from http://www.tsp.gov I click on the blue button account access at the top right corner of the screen. Then I get: http://www.tsp.gov/account/ index.html. Next I click on the Account Access in the middle of the window and get: https://tspweb2.tspsec.tsp.gov/ It is after filling in my social security number and pin provided by TSP and clicking on their login button that instead of getting the usual TSP account features I get bounced to an access denied page. This problem does not happen on 0.9.3 August 3rd nightly build for Mac OS 9, but does happen on 0.9.3 August 3rd nightly build for Mac OS X. And yet Omniweb 4.0.3 is also able to handle this page just fine. So it appears that something is amiss with the form handling of certain kinds of secure forms in your Mac OS X version ONLY.
Priority: -- → P3
Summary: 128bit encryption is not seen as enabled by this site → employeeexpress.gov - 128bit encryption is not seen as enabled by this site
mass resassign of all gov sites to the gov component. You may filter for these changes by searching for the string 'wehaveagreatgovernmentintheusa'
Component: US General → US Gov
QA Contact: zach → chrisn
if (nm.indexOf('Netscape5')>-1 && nm.indexOf('Windows; en-US')>-1) { var ok=1 } if (nm.indexOf('Netscape5')>-1 && nm.indexOf('Macintosh')>-1) { var ok=1 } if (nm.indexOf('Netscape 5')>-1 && nm.indexOf('Macintosh')>-1) { var ok=1 ...so Mozilla-based Browsers on MacOS and English Windows (sic!) are allowed? I have a German Mozilla on Linux -> not allowed.. wtf?
tech evang june 2003 reorg
Assignee: bc → english-us
Component: US Gov → English US
QA Contact: chrisn → english-us
this looks fixed to me. It identifies Mozilla 1.5b using a VS 7 .Net Server side control thingy and identifies me as NS7 which is "semi ok". marking Fixed. Reopen if you disgree.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.