Firefox 68 now mislabels my site as now secure. 67 was ok, all other browsers are.
Categories
(Core :: Security: PSM, defect)
Tracking
()
People
(Reporter: jime, Unassigned)
References
()
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Steps to reproduce:
Go to https://www.nova-sw.com/appchkr/secure/purchase-chkr.html with Firefox 68 in Win10. Shows orange triangle on the url bar lock with a '...not secure...' type message. Details after clicking on the info logo claim sha1 128bit encryption, TLS1.0 is weak and not secure. Not sure why since current Chrome and Edge browsers on the same computers connected to the same site at the same time with sha256rsa and so do not make this claim. Why is FFX 68 different? You should work down from the most secure encryption algorithm first, as the others do, not up from the least secure.
Actual results:
FFX 68 on some of my PC's were showing this '...insecure...' error on the https lock in the url bar. I went to another of my computers waiting for a FFX restart to do the FFX upgrade. It was running some version of FFX 67 and showed the site as green. I restarted FFX, completed the 68 upgrade just fine in a few seconds, and immediately the same site showed orange, as soon as the pages restore completed. Clearly a difference between FFX 68 and 67, without any other change anywhere.
Expected results:
Site should show as secure, as in all other browsers, with sha256rsa encryption.
|
||
Comment 1•6 years ago
|
||
|
||
Comment 2•6 years ago
|
||
This is expected, as the server does not support TLS 1.2 or 1.3.
The intent to deprecate and remove TLS 1.0 and 1.1 was announced last year. Note that Chrome, Edge, and Safari have similar plans to remove support beginning as early as March 2020.
Description
•