Closed Bug 903397 Opened 12 years ago Closed 12 years ago

Show a broken padlock if a website supports insecure renegotiation

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Version:
23 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 665859

People

(Reporter: g199719, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0 (Beta/Release) Steps to reproduce: 1) Navigate to https://passport.baidu.com/ 2) Observe that firefox shows a secure padlock 3) Navigate to https://www.ssllabs.com/ssltest/analyze.html?d=passport.baidu.com 4) Observe that the site does not support secure renegotiation. Last discussion regarding this issue happened in December 2010. https://wiki.mozilla.org/Security:Renegotiation Actual results: The website showed secure padlock. Expected results: The website should not show secure padlock.
Component: Untriaged → Security
Product: Firefox → Core
So you want security.ssl.treat_unsafe_negotiation_as_broken;true set default.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.