Open Bug 1134086 Opened 8 years ago Updated 8 months ago

Firefox should not display "Broken Security" message and cipher suites if the top level page does not use a weak encryption

Categories

(Firefox :: Security, defect)

People

(Reporter: emk, Unassigned)

Steps to reproduce:
1. Open <https://mega.co.nz/>. An exclamation mark in a grey triangle icon will be shown in the URL bar.
2. Click the grey triangle icon.
3. Click "More Information..."

Actual result:
Broken Encryption (TLS_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS 1.2)

Expected result:
Connection Partially Encrypted

The current message is confusing because TLS_RSA_WITH_AES_256_CBC_SHA itself is not broken. It's RC4 from a subresource.

I'm seeing the same thing when I try to pay via PayPal from third-party sites that allow paying via PayPal as an option. When the PayPal login screen comes up, I have a grey triangle exclamation point icon in the URL bar. Clicking on it to get more information tells me:

Broken Encryption (TLS_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS 1.2)

Should have said: this is with 38.0.5

Just experienced the same thing.
Using version 42.0

It just happened in the Portuguese (pt-pt) version of Firefox (my native language).

https://www.rt.com/news/323049-third-bomber-paris-stadium/ 

Showing a "Broken Encryption".
In the certificate details window, it's showing SHA-256 and not SHA-1, so I don't get why it's doing that.
Opened in safe mode: same thing.

Tried an English portable version (also 42.0) and it shows correctly "Connection Partially Encrypted"
Severity: normal → S3