Closed Bug 1139046 Opened 9 years ago Closed 9 years ago

(www.)pretzellogix.net is RC4 and Camellia only

Categories

(Web Compatibility :: Site Reports, defect)

Product:
Web Compatibility
Component:
Site Reports
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bugzilla, Unassigned)

References

(
URL
)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20150224133805

Steps to reproduce:

Went to website in Firefox 36.0: https://www.pretzellogix.net


Actual results:

Grey triangle appears and when clicked on says "partially encrypted connection". No certificate is available to be examined despite this being a fully encrypted HTTPS site.


Expected results:

In Firefox 35.0, the same website shows the grey lock symbol and the certificate button appears and can be examined.
This might be a duplicate of this other bug: https://bugzilla.mozilla.org/show_bug.cgi?id=947079

But I'm not sure since this other bug seems to indicate that the bug was still there in Firefox 35.0, yet I did not experience this issue in FF 35.0.
OS: Linux → All
The message in the triangle doesn't contain only "mixed content" but also "encryption is not strong enough".

The reason in this case is that the encryption is not strong enough because the Cipher handshake ends with RC4.
The result from https://www.ssllabs.com/ssltest/analyze.html?d=pretzellogix.net

>TLS 1.2 	Yes	
>TLS 1.1 	Yes
>TLS 1.0 	Yes
>SSL 3 	No	
>SSL 2 	Yes


Cipher suites:
>TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   WEAK		128
>TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK		128
>TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 	256
>TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 

CAMELLIA is not supported anymore by Firefox and RC4 is weak encryption and triggers the triangle.

Moving to PSM to confirm my findings and to mark this invalid
Component: Untriaged → Security: PSM
Product: Firefox → Core
(In reply to Matthias Versen [:Matti] from comment #2)
> The message in the triangle doesn't contain only "mixed content" but also
> "encryption is not strong enough".
> 
> The reason in this case is that the encryption is not strong enough because
> the Cipher handshake ends with RC4.
> The result from
> https://www.ssllabs.com/ssltest/analyze.html?d=pretzellogix.net
> 
> >TLS 1.2 	Yes	
> >TLS 1.1 	Yes
> >TLS 1.0 	Yes
> >SSL 3 	No	
> >SSL 2 	Yes
> 
> 
> Cipher suites:
> >TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   WEAK		128
> >TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK		128
> >TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 	256
> >TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 
> 
> CAMELLIA is not supported anymore by Firefox and RC4 is weak encryption and
> triggers the triangle.
> 
> Moving to PSM to confirm my findings and to mark this invalid

Indeed this is correct. Morphing this bug into a TE bug instead.
Blocks: RC4-Dependence
URL: https://www.pretzellogix.net
Status: UNCONFIRMED → NEW
Component: Security: PSM → Desktop
Ever confirmed: true
Product: Core → Tech Evangelism
Hardware: x86_64 → All
Summary: Firefox 36.0 shows grey (!) triangle (partially unencrypted connection) -- ver 35.0 showed grey lock symbol → (www.)pretzellogix.net is RC4 and Camellia only
Version: 36 Branch → unspecified
> Server hostname 	50-87-223-114.unifiedlayer.com 

Yet another unifiedlayer.com instance (others are bug 1133312 and bug 1137444). We should contact the hosting company because probably the site owners have no ability to change the server settings.
Fixed.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.