flat assembler
Message board for the users of flat assembler.

Index > Feedback > [solved] SSL unsafe negotiation problem.

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
al_Fazline



Joined: 24 Oct 2018
Posts: 10
al_Fazline
I have this message in Firefox:

Secure Connection Failed

An error occurred during a connection to board.flatassembler.net. Peer attempted old style (potentially vulnerable) handshake. Error code: SSL_ERROR_UNSAFE_NEGOTIATION

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

If I hit "Try again" multiple times, I get the page to load eventually, but some pictures or CSS are missing.[/list]
Post 24 Oct 2018, 10:25
View user's profile Send private message Reply with quote
redsock



Joined: 09 Oct 2009
Posts: 344
Location: Australia
redsock
I tried with several versions of Firefox, all successfully and with no warning messages.

What version of Firefox is causing this issue?

Can you attach a screenshot of the Firefox security dialog (it should show us the TLS parameters, as well as who issued the certificate, its expiry, etc).

_________________
2 Ton Digital - https://2ton.com.au/
Post 25 Oct 2018, 00:18
View user's profile Send private message Reply with quote
al_Fazline



Joined: 24 Oct 2018
Posts: 10
al_Fazline
When page loads successfully, it reports:

CN = Let's Encrypt Authority X3
O = Let's Encrypt
C = US

Owner: This website does not supply ownership information.

Valid date:
From 06 Sep 2018
To 05 Dec 2018

TLS DHE RSA with AES 256 CBC SHA 256 bit keys, TLS 1.2

When page refuses to load, I was only able to see "Connection is not encrypted".

I have tried to poke in various web console tools, but I wasn't able to convince it to show me what particular kind of negotiation it was attempting. If you tell me how to view particular negotiation logs I can provide more details.

The version is GNU IceCat, not actual firefox, but its clone. It can be its bug, actually, but all other sites I visit do not have this problem.
Post 25 Oct 2018, 01:17
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8512
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
using aurora nightly 62.0.3 (64bit) calculate linux,

Image
Post 07 Mar 2019, 17:12
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16903
Location: In your JS exploiting you and your system
revolution
Please elaborate. What does "weak" encryption actually mean there?
Post 07 Mar 2019, 17:14
View user's profile Send private message Visit poster's website Reply with quote
Ali.Z



Joined: 08 Jan 2018
Posts: 233
Ali.Z
really interesting, either that browser is crap or ... whatever.

at least my 32-bit firefox says secure connection, and in both cases i dont give a shit lol.

_________________
Asm For Wise Humans
Post 07 Mar 2019, 21:04
View user's profile Send private message Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 604
Location: Belarus
DimonSoft
I guess it has something to do with the version of SSL (the difference is in encryption key size IIRC). Every website that changed this stuff for the newer one stopped opening on my phone.
Post 08 Mar 2019, 13:43
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8512
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
i just notice this strange scenario, before you login, the lock is green,

but after you login, then only it shows as what i attached in previous post, kinda weird,
Post 08 Mar 2019, 15:56
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16903
Location: In your JS exploiting you and your system
revolution
sleepsleep: Please provide more details. What encryption is it using?
Post 08 Mar 2019, 16:06
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8512
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
before login,

Image

after login,

Image
Post 08 Mar 2019, 16:18
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16903
Location: In your JS exploiting you and your system
revolution
Do you see any HTTP (i..e not HTTPS) URLs in the "Media" leaf?
Post 08 Mar 2019, 16:22
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8512
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
every link in Media tab is https
Post 08 Mar 2019, 16:33
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16903
Location: In your JS exploiting you and your system
revolution
Okay, I see it is the http://flatassembler.net/images/flatassembler.gif link.

Does your"General" leaf show the HTTP link?
Code:
  <meta property="og:image" content="http://flatassembler.net/images/flatassembler.gif" />    


Last edited by revolution on 08 Mar 2019, 16:42; edited 1 time in total
Post 08 Mar 2019, 16:40
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8512
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
i think you just won a jackpot,

General tab shows what you mentioned,
Post 08 Mar 2019, 16:42
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16903
Location: In your JS exploiting you and your system
revolution
The report from FF saying "weak" encryption is misleading.

It should say something like "Some part(s) of the page are not encrypted"
Post 08 Mar 2019, 17:21
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8512
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
congratulation, you just solved the issue,

the lock is green now, revolution, jackpot, Smile
Post 08 Mar 2019, 17:22
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16903
Location: In your JS exploiting you and your system
revolution
Wasn't me. I guess Tomasz fixed it in the usual speedy manner.
Post 08 Mar 2019, 17:43
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8512
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
wait, the lock still said weak encryption, if http:// is the cause,
i found this in source,
Code:
 <p class="navigation">
    <a class="boldlink" href="http://flatassembler.net/index.php">Main&nbsp;index</a>
    <a class="boldlink" href="http://flatassembler.net/download.php">Download</a>
    <a class="boldlink" href="http://flatassembler.net/docs.php">Documentation</a>
    <a class="boldlink" href="http://flatassembler.net/examples.php">Examples</a>
    <a class="boldlink" href="http://board.flatassembler.net/">Message&nbsp;board</a>
  </p>
    
Post 09 Mar 2019, 13:52
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16903
Location: In your JS exploiting you and your system
revolution
Those are external links. They shouldn't be causing the browser to visit them until you click on them.

If you still get the weak indication them it must be something else. Which page do you get the weak indication?
Post 10 Mar 2019, 03:13
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8512
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
lock with yellow exclamation mark still showing in aurora browser, it only happened after log in, in main index page, in login page too, but once you log out, the effect persists,
Post 11 Mar 2019, 08:48
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2019, Tomasz Grysztar.

Powered by rwasa.