bug#32833: IceCat 60 showing sites as "insecure" despite using HTTPS

unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed

From: Mike Gerwitz <mtg@gnu.org>
To: 32833@debbugs.gnu.org
Subject: bug#32833: IceCat 60 showing sites as "insecure" despite using HTTPS
Date: Tue, 25 Sep 2018 00:22:24 -0400	[thread overview]
Message-ID: <87k1nadx4v.fsf@gnu.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 1090 bytes --]

I don't know if this is a problem specific to Guix or upstream; I can
give IceCat a try in a Debian VM tomorrow.  But I want to make others
aware of the problem in the meantime:

Even if sites are using HTTPS, IceCat is still saying "This connection
is insecure" if you click on the "i" icon in the URL bar.  This seems to
be a problem with every HTTPS site I visit.

On the "Security" tab of the "Page Info" dialog, under "Technical
Details", no certificate information is listed; it simply says
"Connection Not Encrypted".  That's clearly not true, otherwise the page
would fail to load.  I've tried with sites that use HSTS and don't even
support plaintext connections (e.g. my own)---the pages load just fine.

I haven't played around with sites with expired certificates or anything
yet.  But if IceCat is not reporting security status correctly, then
users may be at risk, so be careful in the meantime!

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

next             reply	other threads:[~2018-09-25  4:30 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-25  4:22 Mike Gerwitz [this message]
2018-09-25 22:01 ` bug#32833: IceCat 60 showing sites as "insecure" despite using HTTPS Mark H Weaver
2018-09-26  0:16   ` Mark H Weaver
2018-09-26  0:30     ` Mike Gerwitz
2018-09-26  4:55       ` Mike Gerwitz
2023-08-29  3:40       ` bug#32833: IceCat 60 certificate validation fails when using system NSS Maxim Cournoyer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87k1nadx4v.fsf@gnu.org \
    --to=mtg@gnu.org \
    --cc=32833@debbugs.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).