https on dcms.taipower.com.tw is misconfigured (ssllabs gives it an F)

RESOLVED INVALID

Status

Tech Evangelism
Desktop
RESOLVED INVALID
2 years ago
8 months ago

People

(Reporter: Dan Jacobson, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [needscontact] [https], URL)

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (X11; Linux i686; rv:44.0) Gecko/20100101 Firefox/44.0 Iceweasel/44.0a2
Build ID: 20151104004053

Steps to reproduce:

Browsed https://dcms.taipower.com.tw/tpcGoogleMap/


Actual results:

Got stuck in your
"Secure Connection Failed

An error occurred during a connection to dcms.taipower.com.tw. Peer's certificate has an invalid signature. (Error code: sec_error_bad_signature) "
dialogs.

WITH NO METHOD TO OVERRIDE,

even if the boss is breathing down our neck and we are late for work, etc.

All the user can do is click Report which might report the site to some international police organization or something, the user thinks, only sending this little problem with the other bureau's programmer, who might be out to lunch at the moment, instead outside the company to that international police organization, he fears.

OK, I am exaggerating, but that is how it looks to a hurried user.


Expected results:

Should see the site without any problems, like one can do in chromium: 46.0.2490.71-1 . Not one single blip.

Comment 1

2 years ago
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0
20151124030553

(In reply to Dan Jacobson from comment #0)
> sec_error_bad_signature

In the latest Nightly, the error I'm getting is sec_error_unknown_issuer. SSL Labs says the certificate is not trusted and the chain is incomplete:
https://www.ssllabs.com/ssltest/analyze.html?d=dcms.taipower.com.tw

> WITH NO METHOD TO OVERRIDE,

Bug 403220.
Component: Untriaged → Security: PSM
Product: Firefox → Core
(Reporter)

Comment 2

2 years ago
Well Chrome thinks it is fine. What do you think about that? If it is really bad then can you make a Chrome bug report please to back up the fact that it is really bad?

Comment 3

Chrome attempts to fetch intermediate certificates that may be missing in the handshake. Firefox does not (for a few reasons: privacy, performance, the fact that the locations of the missing intermediates come from an untrusted source, etc.). That's probably why this works in Chrome and not Firefox. In any case, the site is incorrectly configured. The administrators need to fix it.
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Summary: Secure Connection Failed, no way to see site. Works fine in Chrome → https on dcms.taipower.com.tw is misconfigured (ssllabs gives it an F)
Version: 44 Branch → unspecified
(Reporter)

Comment 4

2 years ago
Well nonetheless, one major league browser gets through with not the least murmur, one other major league browser defends the user 100% blocking the site "over my dead body you will not get to this site".

There should be a valid bug against one or the other. I have no opinion which.
Whiteboard: [needscontact] [https]
Site no longer exists, it seems.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 months ago
Resolution: --- → INVALID