Open Bug 1134086 Opened 7 years ago Updated 6 years ago

Firefox should not display "Broken Security" message and cipher suites if the top level page does not use a weak encryption


(Firefox :: Security, defect)

(Reporter: emk, Unassigned)




Steps to reproduce:
1. Open <>. An exclamation mark in a grey triangle icon will be shown in the URL bar.
2. Click the grey triangle icon.
3. Click "More Information..."

Actual result:
Broken Encryption (TLS_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS 1.2)

Expected result:
Connection Partially Encrypted

The current message is confusing because TLS_RSA_WITH_AES_256_CBC_SHA itself is not broken. It's RC4 from a subresource.

I'm seeing the same thing when I try to pay via PayPal from third-party sites that allow paying via PayPal as an option. When the PayPal login screen comes up, I have a grey triangle exclamation point icon in the URL bar. Clicking on it to get more information tells me:

Broken Encryption (TLS_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS 1.2)

Should have said: this is with 38.0.5

Just experienced the same thing.
Using version 42.0
It just happened in the Portuguese (pt-pt) version of Firefox (my native language).

Showing a "Broken Encryption".
In the certificate details window, it's showing SHA-256 and not SHA-1, so I don't get why it's doing that.
Opened in safe mode: same thing.

Tried an English portable version (also 42.0) and it shows correctly "Connection Partially Encrypted".
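
The distinction the report at the top of this bug asks for, as an added JavaScript example that is not Firefox code and not written by any commenter here. All function names, the sample hosts, the RC4-only weakness test and the "Connection Encrypted" label for the all-strong case are assumptions; the other two labels are the ones quoted in the report.

```javascript
// Added example; not Firefox source. Every name here is hypothetical.
// Assumption: a suite is "weak" only if its name contains RC4, the one
// weak cipher this report names.
const isWeakSuite = (suite) => /(^|_)RC4(_|$)/.test(suite);

// Models the result the report observed: any weak load marks the page
// broken, yet the suite displayed is the top-level one.
function reportedSummary(topLevel, subresources) {
  const anyWeak = [topLevel, ...subresources].some((c) => isWeakSuite(c.suite));
  return {
    label: anyWeak ? "Broken Encryption" : "Connection Encrypted",
    shownSuite: topLevel.suite,
  };
}

// Models the result the report expects: "Broken Encryption" only when the
// top-level suite is weak; weak subresources downgrade the label and are
// listed by URL so the displayed suite is never blamed for them.
function expectedSummary(topLevel, subresources) {
  if (isWeakSuite(topLevel.suite)) {
    return { label: "Broken Encryption", shownSuite: topLevel.suite, weakLoads: [topLevel.url] };
  }
  const weakLoads = subresources.filter((r) => isWeakSuite(r.suite)).map((r) => r.url);
  return {
    label: weakLoads.length ? "Connection Partially Encrypted" : "Connection Encrypted",
    shownSuite: weakLoads.length ? null : topLevel.suite,
    weakLoads,
  };
}

// Constructed sample data (example.test hosts are placeholders).
const page = { url: "https://shop.example.test/", suite: "TLS_RSA_WITH_AES_256_CBC_SHA" };
const loads = [
  { url: "https://cdn.example.test/app.js", suite: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" },
  { url: "https://img.example.test/logo.png", suite: "TLS_RSA_WITH_RC4_128_SHA" },
];

console.log(reportedSummary(page, loads));
console.log(expectedSummary(page, loads));
```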