Closed Bug 1718744 Opened 3 years ago Closed 3 years ago

[Bug] Secure connection failed on a secure website (salutelazio.it)

Categories

(GeckoView :: GeckoViewExample, defect)

Unspecified
Android
defect

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: mcarare, Unassigned)

References

Details

From github: https://github.com/mozilla-mobile/fenix/issues/20206.

Steps to reproduce

  1. Visit the official website of the Italian Lazio Regional Health System: https://www.salutelazio.it

Expected behavior

Firefox for Android should show that the connection is secure, as it is shown on Google Chrome (both mobile and desktop), Firefox for Desktop and some Firefox for Android revisions.

https://user-images.githubusercontent.com/85299944/123942084-7887e280-d9a3-11eb-8af7-68169c430310.mp4

https://user-images.githubusercontent.com/85299944/123946230-a53df900-d9a7-11eb-88e9-cfee59e5106e.mp4

Actual behavior

A "Secure Connection Failed" page is showed.

https://user-images.githubusercontent.com/85299944/123942312-b08f2580-d9a3-11eb-8fd5-afc24b6bf2bb.mp4

Device information

  • Device vendor / model and Android version: Samsung Galaxy A20s (ARM64, Android 10 (beta and nightly), Samsung Galaxy J2 Prime (ARMV7, Android 6.1.1 (stable)

  • Firefox for Android version:
    Nightly 2021-06-29T17:37:50.207
    91.0a1 (Build #2015819211)
    AC: 91.0.20210629143047, 8904b55efe
    GV: 91.0a1-20210629092640
    AS: 79.0.0

    Beta 90.0.0-beta.6 (Build #2015818371)
    AC: 90.0.11, 536cb9fe13
    GV: 90.0-20210624190035
    AS: 77.0.2

    Stable 89.1.1 (Build #2015812945)
    AC: 75.0.22, 5204f4025
    GV: 89.0-20210527174632
    AS: 74.0.1

Note

Desktop browsers are not affected

Big thanks to @quaqo for discovering this issue!

Change performed by the Move to Bugzilla add-on.

Server needs to install the intermediate cert listed as #2.

1 Sent by server www.salutelazio.it
Fingerprint SHA256: 8fee1055c903a8a1641a2045d49b11e094cb4745d96f24b398faa387a11625a2
Pin SHA256: ZXVMOHymvhR2cdE5P738VfuD+9qQyqifMUvECossmqI=
RSA 2048 bits (e 65537) / SHA256withRSA
2 Extra download GlobalSign RSA OV SSL CA 2018
Fingerprint SHA256: b676ffa3179e8812093a1b5eafee876ae7a6aaf231078dad1bfb21cd2893764a
Pin SHA256: hETpgVvaLC0bvcGG3t0cuqiHvr4XyP2MTwCiqhgRWwU=
RSA 2048 bits (e 65537) / SHA256withRSA
3 In trust store GlobalSign Self-signed
Fingerprint SHA256: cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
Pin SHA256: cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A=
RSA 2048 bits (e 65537) / SHA256withRSA

Preloading the intermediates as described in bug 1520297 would also resolve this.

Status: NEW → RESOLVED
Closed: 3 years ago
Depends on: 1520297
Resolution: --- → INVALID
See Also: → 1835342
You need to log in before you can comment on or make changes to this bug.