Closed Bug 1407567 Opened 4 years ago Closed 4 years ago

Categories

(Web Compatibility :: Desktop, defect)

Firefox 56
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: Fritz, Unassigned)

References

()

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Build ID: 20171002220106

Steps to reproduce:

I tried to oen a blooger entry, then I tried to log into Firefox


Actual results:

You made me mad. "www.sarnerblog.blogger.de verwendet ein ungültiges Sicherheitszertifikat. Das Zertifikat gilt nur für folgende Namen: *.blogger.de, blogger.de Fehlercode: SSL_ERROR_BAD_CERT_DOMAIN" Wrong certificate for blogger? 


Expected results:

1. a publicly readable site should not be encrypted. What for? 
2. and if you play around with security, think of your users. It took me ages to (forcibly) redo my password. Who ever is so important that he or she needs a 12 digit password, when writing to you. Stop all this fooling around and give us a simple, fast browser. Leave encryption to the user. Do not enforce extreme complication. Fritz@Joern.De
It's website page issue, that it provides bad and wrong certificate for encrypted connection, which fails due to this. So report this issue to website page developer.
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
Well, blogger is part of Google (https://en.wikipedia.org/wiki/Blogger_(service)) and I won’t tell them that their certificates are bad. Allow me to translate the message I got from Firefox: "www.sarnerblog.blogger.de uses an invalid certificate. The certificate is only valid for the following names: *.blogger.de, blogger.de Error code: SSL_ERROR_BAD_CERT_DOMAIN". That’s a contradiction by itself.
In my case when I go to
> https://sarnerblog.blogger.de/"
I'm getting
> Sorry!
> 
> Die URL konnte nicht gefunden werden!"
so looks like really URL isn't valid.

You can also contact creator of this blogger entry,
so maybe hyperlink will be fixed to proper one.
Thank you. I am myself the creator of this blog, but I work it from Germany and from Italy. Blogger seems to change country code (i.e. .de and .it) by itself. The "blogger"blog "blogspot" seems also to fool around with security. When I address https://www.sarnerblog.blogger.de/ from Germany, where I am currently, Firefix warns me of an insecure connection, and says: Der Inhaber von www.sarnerblog.blogger.de hat die Website nicht richtig konfiguriert. "Firefox hat keine Verbindung mit dieser Website aufgebaut, um Ihre Informationen vor Diebstahl zu schützen." – "The owner has not correctly configured the site www.sarnerblog.blogger.de. Firefox did not open a connection with this website, so as to protect your informations from theft". However when I address a specific post like http://sarnerblog.blogspot.de/2017/02/blick-von-der-schlogg.html I get through all right. When I manually take off the s in https://www.sarnerblog.blogger.de/ and address http://www.sarnerblog.blogger.de/, Firefox adds the s to give https and so back to square one for me. Further I suspect that Blogger isn’t sure how to address the posts, e.g. http://sarnerblog.blogspot.com/2017/02/der-sarnerblog.html. With my other blog Blogger suggests as permalink a https link like https://blogabissl.blogspot.com/2017/10/windows-10-unusable-on-hppavilion-x2.html, and when used, Firefox (or blogspot?) changes that to https://blogabissl.blogspot.de/2017/10/windows-10-unusable-on-hppavilion-x2.html, i.e. .com to .de (even .it works). If I address without s like http://blogabissl.blogspot.de/2017/10/windows-10-unusable-on-hppavilion-x2.html I get through without complaints from Firefox, and the link (URL) shortens to just blogabissl.blogspot.de/2017/10/windows-10-unusable-on-hppavilion-x2.html, never minding security? – I just tried to make a test blog entry for you. Here it is: http://blogabissl.blogspot.com/2017/10/test-blog-for-encryption-https.html. Blogspot seems to have given up trying encryption on me. That solves it.
Oh, true, it's really odd, still in end, it's website page issue,
but I will reopen this bug, as Blogger is kinda big service, so it maybe will get some attention from Google devs.
Status: RESOLVED → REOPENED
Component: Untriaged → Desktop
Ever confirmed: true
Product: Firefox → Tech Evangelism
Resolution: INVALID → ---
Summary: Much too much security! → "SSL_ERROR_BAD_CERT_DOMAIN" error on blogger (blogspot works fine)
Version: 56 Branch → Firefox 56
Looking on https://webcompat.com/issues/12369
It's wrong redirection link, that with "www.", which shouldn't be used.
So in the end, I'm marking this as INVALID.
Status: NEW → RESOLVED
Closed: 4 years ago4 years ago
QA Contact: Virtual
Resolution: --- → INVALID
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.