Closed
Bug 253999
Opened 20 years ago
Closed 20 years ago
Bad SSL security: Not displaying asymmetric key sizes during SSL (eg. low RSA key sizes)
Categories
(Core Graveyard :: Security: UI, enhancement)
Tracking
(Not tracked)
People
(Reporter: ghost16825, Assigned: KaiE)
Details
(Keywords: helpwanted, polish, useless-UI)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

When going to an https site, Mozilla will display the symmetric key size (usually 128 bits) but will not display anywhere the asymmetric key size (usually RSA), even if it is, say, less than 1024 bits (e.g. 512 bits) or some other low number. Mozilla should fully disclose this under Page Info > Security at least. A similar fix should be done for Firefox. All relevant information to SSL should be disclosed where possible.

Having the browser inform the user that a site uses "high security" even if low asymmetric keys are used is very misleading and potentially dangerous. Numerous security professionals, including a cryptanalyst, agree that asymmetric information should be disclosed. This issue is discussed in this thread: http://www.security-forums.com/forum/viewtopic.php?t=17955&start=0&postdays=0&postorder=asc&highlight=

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
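An added illustration of the point raised in the description above, not code from Mozilla or from the reporter: it grades a connection by the weaker of the symmetric cipher and the certificate's RSA key. The RSA estimate uses the heuristic general number field sieve cost with its o(1) term dropped, and the function names and the "high"/"medium"/"low" thresholds are assumptions chosen for the example.

```python
import math


def rsa_strength_bits(modulus_bits):
    """Rough symmetric-equivalent strength of an RSA modulus.

    Uses the heuristic GNFS factoring cost
    exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)) with the o(1)
    term dropped, so the result is an estimate, not a standard's figure.
    """
    ln_n = modulus_bits * math.log(2)
    work = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return int(work / math.log(2))  # log2 of the estimated work factor


def connection_summary(cipher_bits, rsa_bits):
    """Report both key sizes and grade the connection by its weakest link."""
    asym_equiv = rsa_strength_bits(rsa_bits)
    effective = min(cipher_bits, asym_equiv)
    # Thresholds are illustrative assumptions, not Mozilla's.
    if effective >= 100:
        grade = "high"
    elif effective >= 80:
        grade = "medium"
    else:
        grade = "low"
    return {
        "cipher_bits": cipher_bits,
        "rsa_bits": rsa_bits,
        "rsa_equivalent_bits": asym_equiv,
        "effective_bits": effective,
        "grade": grade,
    }


if __name__ == "__main__":
    # Constructed sample connections: same 128-bit cipher, different RSA keys.
    for cipher, rsa in [(128, 512), (128, 1024), (128, 2048)]:
        s = connection_summary(cipher, rsa)
        print(f"{cipher}-bit cipher, RSA-{rsa}: ~{s['effective_bits']} bits "
              f"effective -> {s['grade']}")
```

A grade computed from the cipher alone would report all three sample connections identically, which is the misleading display the report objects to.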
Reporter
Comment 1•20 years ago
I can almost fix this myself. It is trivial to fix, but an important issue.
Updated•20 years ago
Assignee: dveditz → kaie
Component: Security: General → Client Library
Product: Browser → PSM
Version: Trunk → unspecified
Updated•20 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.8a3?
Flags: blocking-aviary1.0?
Displaying "high-grade encryption" on a connection with a bitty little RSA key is asking for it. This needs to be fixed before the next final builds.
Reporter
Comment 3•20 years ago
*** This bug has been marked as a duplicate of 78837 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Comment 4•20 years ago
removing blocker nominations from this dupe. maybe the original bug should be nominated?
Flags: blocking1.8a3?
Flags: blocking-aviary1.0?
Reporter
Comment 5•20 years ago
(In reply to comment #4)
> removing blocker nominations from this dupe. maybe the original bug should be
> nominated?

Yeah, definitely. Feel free to do so.
Updated•8 years ago
Product: Core → Core Graveyard