(www.)pretzellogix.net is RC4 and Camellia only

RESOLVED FIXED

Status

RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: bugzilla, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20150224133805

Steps to reproduce:

Went to website in Firefox 36.0: https://www.pretzellogix.net


Actual results:

Grey triangle appears and when clicked on says "partially encrypted connection". No certificate is available to be examined despite this being a fully encrypted HTTPS site.


Expected results:

In Firefox 35.0, the same website shows the grey lock symbol and the certificate button appears and can be examined.
(Reporter)

Comment 1

4 years ago
This might be a duplicate of this other bug: https://bugzilla.mozilla.org/show_bug.cgi?id=947079

But I'm not sure since this other bug seems to indicate that the bug was still there in Firefox 35.0, yet I did not experience this issue in FF 35.0.
(Reporter)

Updated

4 years ago
OS: Linux → All
The message in the triangle doesn't contain only "mixed content" but also "encryption is not strong enough".

The reason in this case is that the encryption is not strong enough because the Cipher handshake ends with RC4.
The result from https://www.ssllabs.com/ssltest/analyze.html?d=pretzellogix.net

>TLS 1.2 	Yes	
>TLS 1.1 	Yes
>TLS 1.0 	Yes
>SSL 3 	No	
>SSL 2 	Yes


Cipher suites:
>TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   WEAK		128
>TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK		128
>TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 	256
>TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 

CAMELLIA is not supported anymore by Firefox and RC4 is weak encryption and triggers the triangle.

Moving to PSM to confirm my findings and to mark this invalid
Component: Untriaged → Security: PSM
Product: Firefox → Core

Comment 3

4 years ago
(In reply to Matthias Versen [:Matti] from comment #2)
> The message in the triangle doesn't contain only "mixed content" but also
> "encryption is not strong enough".
> 
> The reason in this case is that the encryption is not strong enough because
> the Cipher handshake ends with RC4.
> The result from
> https://www.ssllabs.com/ssltest/analyze.html?d=pretzellogix.net
> 
> >TLS 1.2 	Yes	
> >TLS 1.1 	Yes
> >TLS 1.0 	Yes
> >SSL 3 	No	
> >SSL 2 	Yes
> 
> 
> Cipher suites:
> >TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   WEAK		128
> >TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK		128
> >TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 	256
> >TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 
> 
> CAMELLIA is not supported anymore by Firefox and RC4 is weak encryption and
> triggers the triangle.
> 
> Moving to PSM to confirm my findings and to mark this invalid

Indeed this is correct. Morphing this bug into a TE bug instead.
Blocks: 1138101
Status: UNCONFIRMED → NEW
Component: Security: PSM → Desktop
Ever confirmed: true
Product: Core → Tech Evangelism
Hardware: x86_64 → All
Summary: Firefox 36.0 shows grey (!) triangle (partially unencrypted connection) -- ver 35.0 showed grey lock symbol → (www.)pretzellogix.net is RC4 and Camellia only
Version: 36 Branch → unspecified
> Server hostname 	50-87-223-114.unifiedlayer.com 

Yet another unifiedlayer.com instance (others are bug 1133312 and bug 1137444). We should contact the hosting company because probably the site owners have no ability to change the server settings.
Fixed.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.