User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0 (Beta/Release) Build ID: 2013051000 Steps to reproduce: visit different https:// sites Actual results: Padlock is shown. Green padlock shown if the site has an EV certificate Expected results: A different padlock should be shown depending on whether a PFS or non-PFS cipher is being used. In the light of recent disclosures it is important for the user to make sure that a PFS cipher is in use before engaging in sensitive private communication. See http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html for details.
I'm not sure whether it should be a different lock icon or perhaps it's own icon next to it. While FPS is indeed important to secure the connection, there are other important vectors to consider too, such like SSL attacks: secure regenotiation, BEAST attack, CRIME attack, etc weak ciphers like RC4, SSL/TLS version, mixed content. Perhaps it's best to expand the 'pop-up' when you click the lock icon with more details. Currently it only says the name of the CA and cipher e.g. AES 256 bit. I suggest to add more details like AES 256 with CBC, SHA-1 message authentication and RSA 1024 bit key exchange, and also PFS enabled or not, TLS version, mixed content if applicable, insecure renegotiation if applicable, Strict Transport Security, verified by OCSP or not and lastly perhaps OCSP stapling.
OS: Linux → All
Hardware: x86_64 → All
Version: 21 Branch → Trunk
Created attachment 801407 [details] cipherInfo.png Agreed, the current "Technical Details" would not allow you to notice, that the below site doesn't offer any cipher with forward secrecy - please mention the exact Cipher used! https://www.ssllabs.com/ssltest/analyze.html?d=www.whitehouse.gov&s=18.104.22.168 see also bug 244746 and bug 636419
the same thoughts apply to thunderbird - or at least a plugin should find an interface to get the raw information to work on this: bug 878749
See also the Calomel SSL Validation extension; it's frustrated by Firefox not propagating enough ssl connection metadata. https://forums.mozilla.org/addons/viewtopic.php?f=7&t=14680
Resolving as a dupe of bug 942136. This bug is newer, bug 942136 would subsume this.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 942136
You need to log in before you can comment on or make changes to this bug.