[Bug 1661400] [NEW] Site ID gives false broken connections for TLS 1.3
B. C. Schmerker
bcschmerker at yahoo.com
Thu Feb 2 21:53:24 UTC 2017
Public bug reported:
User Agent: Mozilla 5.0 (X11; LinUX x86_64; rv:51.0) Gecko/20100101 Firefox/51.0.1
Build ID: 20170125172221
Steps to reproduce:
Opened HTML page https://www.cloudflare.com/; Opened Site Identity Button
Reproducible: Always
Actual Results:
www.cloudflare.com
Connection is Not Secure
! This page uses weak encryption.
->
Your connection to this website uses weak encryption and is not private.
! Other people can view your information or modify the website's behavior.
Expected Results:
www.cloudflare.com
Secure Connection
->
Verified by: DigiCert, Inc.
---
The Gavin Lloyd Extension CipherFox (https://addons.mozilla.org/en-US/firefox/addon/cipherfox) reports the use of TLS 1.3 with AES 128 bits (TLS_AES_128_GCM_SHA256). Reported certificates are:
Cloudflare, Inc. ECC 256-bit SHA256.
DigiCert Inc: ECC 384-bit SHA384.
DigiCert Inc: RSA 2048-bit SHA1.
The Sibi Anthony Extension SSleuth (https://addons.mozilla.org/en-US-firefox/addon/ssleuth) reports the following for www.cloudflare.com:
Cipher Suite
TLS_AES_128_GCM_SHA256
Key exchange: Unknown. TLS 1.3
Authentication: Unknown. TLS 1.3
Bulk Cipher: AES GCM 128 bits. AEAD
HMAC: SHA-256.
Perfect Forward Secrecy: Yes
SSL/TLS Version: TLSv1.3
Connection Status: Broken
This page has either insecure content or a bad certificate.
Certificate
Extended validation: No
Signature SHA-256/ECDSA bits.
Common name: cloudflare.com
Issued to: Cloudflare, Inc.
Issued by: DigiCert Inc
www.digicert.com
Validity: [Redacted]
Fingerprint: [Redacted]
In TLS 1.2 terms, expected data include a cipher suite
TLS_ECDHE_ECC_WITH_AES_128_GCM_SHA256 (reported as
TLS_AES_128_GCM_SHA256 pursuant to the IETF draft specification for TLS
1.3); and a certificate suite ECC_256_SHA256. Recommend forwarding the
above information upstream to BugZilla.Mozilla.org, as this Bug
doubtless affects multiple users across platforms and operating systems.
---
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: firefox 51.0.1+build2-0ubuntu0.16.04.1
ProcVersionSignature: Ubuntu 4.8.0-34.36~16.04.1-generic 4.8.11
Uname: Linux 4.8.0-34-generic x86_64
AddonCompatCheckDisabled: False
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: bcschmerker 2422 F.... pulseaudio
/dev/snd/controlC1: bcschmerker 2422 F.... pulseaudio
BuildID: 20170125172221
Channel: Unavailable
CurrentDesktop: Unity
Date: Thu Feb 2 13:49:04 2017
EcryptfsInUse: Yes
Extensions: extensions.sqlite corrupt or missing
ForcedLayersAccel: False
IfupdownConfig:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
InstallationDate: Installed on 2016-03-27 (312 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Beta amd64 (20160323)
IpRoute:
default via 192.168.1.1 dev enp4s0 proto static metric 100
169.254.0.0/16 dev enp4s0 scope link metric 1000
192.168.1.0/24 dev enp4s0 proto kernel scope link src 192.168.1.4 metric 100
IwConfig:
enp4s0 no wireless extensions.
lo no wireless extensions.
Locales: extensions.sqlite corrupt or missing
MostRecentCrashID: bp-34f53182-12e5-4712-ba46-226df2170128
Plugins:
VLC Web Plugin - /usr/lib/mozilla/plugins/libvlcplugin.so (browser-plugin-vlc)
iTunes Application Detector - /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so (rhythmbox-mozilla)
Shockwave Flash - /usr/lib/adobe-flashplugin/libflashplayer.so (adobe-flashplugin)
PrefSources: prefs.js
Profiles: Profile0 (Default) - LastVersion=51.0.1/20170125172221
RelatedPackageVersions:
browser-plugin-vlc 2.0.6-4
rhythmbox-mozilla 3.3-1ubuntu7
adobe-flashplugin 1:20170110.1-0ubuntu0.16.04.1
RfKill:
0: hci0: Bluetooth
Soft blocked: no
Hard blocked: no
RunningIncompatibleAddons: False
SourcePackage: firefox
Themes: extensions.sqlite corrupt or missing
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 07/14/2010
dmi.bios.vendor: Award Software International, Inc.
dmi.bios.version: F6d
dmi.board.name: GA-MA78GM-S2HP
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.chassis.type: 3
dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF6d:bd07/14/2010:svnGigabyteTechnologyCo.,Ltd.:pnGA-MA78GM-S2HP:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-MA78GM-S2HP:rvr:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr:
dmi.product.name: GA-MA78GM-S2HP
dmi.sys.vendor: Gigabyte Technology Co., Ltd.
** Affects: firefox (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug third-party-packages xenial
https://bugs.launchpad.net/bugs/1661400
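The naming difference the report points at, as an added example that is not part of the original report and not the code of Firefox or either extension: a parser that only knows the pre-1.3 suite layout returns "Unknown" for key exchange and authentication on a TLS 1.3 name, while a version-aware parser treats the missing `_WITH_` as the TLS 1.3 form. Function and field names are hypothetical; the suite names are IANA registry names.

```javascript
// Added example; function and field names are hypothetical.
// Pre-1.3 naming: TLS_<kx>_<auth>_WITH_<cipher>_<hash>
// TLS 1.3 naming: TLS_<aead-cipher>_<hash>   (no "_WITH_" part)
// Assumption: the name ends in a hash component (TLS 1.2 CCM suites,
// which omit it, are not handled here).
const NEGOTIATED = "negotiated in handshake extensions";

function splitCipherAndHash(text) {
  const parts = text.split("_");
  const hash = parts.pop();            // HMAC, PRF or HKDF hash, by version
  const cipher = parts.join("_");
  return { cipher, hash, aead: /GCM|CCM|POLY1305/.test(cipher) };
}

// Parser that assumes the pre-1.3 layout. A TLS 1.3 name has no "_WITH_",
// so it has nothing to read key exchange or authentication from.
function parsePre13Only(name) {
  const [left, right] = name.replace(/^TLS_/, "").split("_WITH_");
  if (right === undefined) {
    return { keyExchange: "Unknown", authentication: "Unknown",
             ...splitCipherAndHash(left) };
  }
  const kxAuth = left.split("_");      // "RSA" alone means RSA for both
  return { keyExchange: kxAuth[0],
           authentication: kxAuth[kxAuth.length - 1],
           ...splitCipherAndHash(right) };
}

// Version-aware parser: in TLS 1.3 the suite fixes only the AEAD and hash;
// the key-exchange group and signature algorithm are chosen elsewhere in
// the handshake, so "not in the name" is reported instead of "Unknown".
function parseCipherSuite(name) {
  if (!name.startsWith("TLS_")) {
    throw new Error("not a TLS cipher suite name: " + name);
  }
  const parsed = parsePre13Only(name);
  if (name.includes("_WITH_")) return { naming: "pre-1.3", ...parsed };
  return { naming: "TLS 1.3", ...parsed,
           keyExchange: NEGOTIATED, authentication: NEGOTIATED };
}

console.log(parsePre13Only("TLS_AES_128_GCM_SHA256"));
console.log(parseCipherSuite("TLS_AES_128_GCM_SHA256"));
console.log(parseCipherSuite("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"));
```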