Secure connection failed when accessing aide.laposte.fr
Categories
(Web Compatibility :: Site Reports, defect)
Tracking
(Not tracked)
People
(Reporter: petru, Unassigned)
From github: https://github.com/mozilla-mobile/focus-android/issues/6710.
Steps to reproduce
- Navigate to: https://aide.laposte.fr/contenu/validite-des-timbres-apres-un-changement-de-tarif.
- Observe the result.
Expected behavior
The page loads as expected.
Actual behavior
A "Secure connection failed" message is displayed.
Device information
- Operating System: Android 11
- Android device: Samsung A51 (Android 11) -1080 × 2400 pixels 20:9 aspect ratio (~405 ppi density)
- Focus version: Firefox Focus Nightly 100.0a1 (360770507-🦎100.0a1-20220317092857🦎)
Notes:
- Reproducible regardless of the status of ETP.
- Not reproducible using the latest build of Firefox Nightly in Normal Browsing Mode and in Private Browsing Mode.
- Reproducible on both Release and Nightly Version of Firefox Focus.
- Screenshot attached:
Change performed by the Move to Bugzilla add-on.
Comment 1•3 years ago
Issue happens on Fenix and GVE also but interestingly not on desktop.
See https://github.com/mozilla-mobile/focus-android/issues/6710#issuecomment-1074983974
Comment 2•3 years ago
The issue is not reproducible on my side on Fenix and GVE running Android 11, but it is reproducible on devices running Android 12:
Tested with:
Browser / Version: Firefox Nightly 100.0a1 (2015870107 -🦎100.0a1-20220321065848🦎)
Operating System: Samsung A51 (Android 11) -1080 × 2400 pixels 20:9 aspect ratio (~405 ppi density)
Operating System: Google Pixel 3 (Android 12) -1080 x 2160 pixels, 18:9 ratio (~443 ppi density)
Comment 3•3 years ago
This site is configured incorrectly: it is sending an incomplete chain of certificates. See
https://www.ssllabs.com/ssltest/analyze.html?d=aide.laposte.fr ("This server's certificate chain is incomplete. Grade capped to B.")
On Desktop we have a remote-settings dataset that contains the "known intermediates" to address this unfortunately common misconfiguration. The file is very large with occasional updates so I can easily believe we might not send it to Android.
This is not an Android 12 problem. The reason this worked for your other Android 11 profiles is because you've used them more. The Root certificate in this case is GlobalSign which is one of the well-known ones. It's quite likely that you've previously surfed to another site with a GlobalSign certificate in this session, so your Android 11 profiles have cached copies of the intermediate and we're able to construct a valid certificate chain even though the site is not providing it.
Workaround:
- visit https://www.globalsign.com
- now open aide.laposte.fr and it should work fine (at least until the TLS cache expires)
This needs to be fixed by the site. Unfortunately, it was already somewhat difficult to get sites to care; now that desktop Firefox has a workaround (as do other browsers) they have even less reason to care :-(
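The behaviour described in Comment 3, as an added example that is not part of the bug thread or of Mozilla's code: a simplified Python model of certificate path building, showing why a server that sends only its leaf certificate validates only for clients that already hold the intermediate. All certificate names are constructed, and signature, validity and hostname checks are left out of the model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str


class IncompleteChain(Exception):
    pass


def build_path(leaf, sent, cached, roots, max_depth=8):
    """Return the certs from leaf up to a trusted root, or raise IncompleteChain.

    sent:   extra certificates the server included in its handshake
    cached: intermediates the client remembers from earlier connections
    roots:  the client's trust store
    """
    by_subject = {c.subject: c for c in list(cached) + list(sent)}
    trusted = {r.subject: r for r in roots}
    path, current = [leaf], leaf
    for _ in range(max_depth):
        if current.issuer in trusted:
            return path + [trusted[current.issuer]]
        parent = by_subject.get(current.issuer)
        if parent is None or parent in path:  # missing issuer, or a loop
            raise IncompleteChain(f"no issuer certificate for {current.subject!r}")
        path.append(parent)
        current = parent
    raise IncompleteChain("path too long")


def connect(leaf, sent, cache, roots):
    """Model one handshake: validate, then remember the intermediates used."""
    path = build_path(leaf, sent, cache, roots)
    cache.update(path[1:-1])  # everything between the leaf and the root
    return [c.subject for c in path]


# Constructed sample certificates (names are placeholders, not real CAs).
ROOT = Cert("Example Root CA", "Example Root CA")
INTER = Cert("Example Intermediate CA", "Example Root CA")
LEAF = Cert("misconfigured.example", "Example Intermediate CA")  # sent alone
OTHER = Cert("other-site.example", "Example Intermediate CA")    # sent with INTER
```

Calling `connect(LEAF, [], set(), [ROOT])` models a fresh profile and raises `IncompleteChain`; passing `[INTER]` as `sent` models the server-side fix.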