Closed
Bug 1132869
Opened 9 years ago
Closed 9 years ago
Successful TLS connection information not always available
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1126413
People
(Reporter: kosmo.zb, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0 Build ID: 20150209164123 Steps to reproduce: 1. Browse <https://html.spec.whatwg.org/>. Actual results: There was a grey exclamatory triangle next to the URL. On clicking, the popup states: ------- This website does not supply identity information. The connection to the website is not fully secure because it contains unencrypted elements (such as images) or the encryption is not strong enough. ------- On clicking "More Information...", the window states: ------- Website Identity: Website: html.spec.whatwg.org Owner: This website does not supply ownership information. Verified by: Not specified Technical Details Connection Partially Encrypted Parts of the page you are viewing were not encrypted or the encryption is not strong enough before being transmitted over the Internet. Information sent over the Internet without encryption can be seen by other people while it is in transit. ------- No "View Certificate" button is present. Qualys doesn't seem to have a problem with showing me the certificate chain and cipher in use <https://www.ssllabs.com/ssltest/analyze.html?d=html.spec.whatwg.org>. No specifically insecure page elements are listed in the Security tab or the Media tab. Expected results: The certificate received should be available (along with what, specifically, caused it to fail Firefox's check). The ciphersuite in use should be easily visible. The insecure elements or requests (if any) should be available.
Comment 1•9 years ago
|
||
https://images.whatwg.org/fingerprint.png is enough to see the issue. The reason is that the server supports according to https://www.ssllabs.com/ssltest/analyze.html?d=images.whatwg.org only >Cipher Suites (sorted by strength; the server has no preference) >TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK and RC4 is considered broken according to bug 1093595 and Firefox displays the error message in the identity information from that Patch "... encryption is not strong enough"
Component: General → Security: UI
Flags: needinfo?(VYV03354)
Product: Firefox → Core
Updated•9 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Flags: needinfo?(VYV03354)
Resolution: --- → DUPLICATE
Assignee | ||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•