X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.

Hilfeforum

Why is Firefox 68 flagging my https site as 'using weak encryption' and says Connection is not secure?

Veröffentlicht

When I navigate to sites we host that have an SSL certificate installed, I get a yellow exclamation point icon over the top of the padlock, clicking it shows the message under CONNECTION.. Connection is not secure and This page uses weak encryption. Clicking into the Connection and choosing more information shows the security details.

When I navigate to sites we host that have an SSL certificate installed, I get a yellow exclamation point icon over the top of the padlock, clicking it shows the message under CONNECTION.. Connection is not secure and This page uses weak encryption. Clicking into the Connection and choosing more information shows the security details.
Angefügte Screenshots

Ausgewählte Lösung

Even the www subdomain is a disaster: https://www.ssllabs.com/ssltest/analyze.html?d=www.channelready.com

I think someone must have made a configuration error on the server at some point. Or hacked.

Diese Antwort im Kontext lesen 0
Zitieren

Mehr Details zum System

Installierte Plugins

OpenH264 Video Codec and Widevine content decryption module

Anwendung

  • User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

Weitere Informationen

Tyler Downer
  • Top 25 Contributor
  • Moderator
1525 Lösungen 10618 Antworten
Veröffentlicht

As you can see, your site is using TLS 1.0, which is pretty much considered a broken encryption standard at this point.

You can see a complete list of all the problems with this site's encryption at https://www.ssllabs.com/ssltest/analyze.html?d=dms.channelready.com

and

https://observatory.mozilla.org/analyze/dms.channelready.com

Basically, the site is vulnerable to a multitude of attacks and should be fixed ASAP

As you can see, your site is using TLS 1.0, which is pretty much considered a broken encryption standard at this point. You can see a complete list of all the problems with this site's encryption at https://www.ssllabs.com/ssltest/analyze.html?d=dms.channelready.com and https://observatory.mozilla.org/analyze/dms.channelready.com Basically, the site is vulnerable to a multitude of attacks and should be fixed ASAP
Hat Ihnen das weitergeholfen?
Zitieren
jscher2000
  • Top 10 Contributor
8574 Lösungen 70112 Antworten
Veröffentlicht

Ausgewählte Lösung

Even the www subdomain is a disaster: https://www.ssllabs.com/ssltest/analyze.html?d=www.channelready.com

I think someone must have made a configuration error on the server at some point. Or hacked.

Even the www subdomain is a disaster: https://www.ssllabs.com/ssltest/analyze.html?d=www.channelready.com I think someone must have made a configuration error on the server at some point. Or hacked.
Hat Ihnen das weitergeholfen?
Zitieren
mark.broge 0 Lösungen 3 Antworten
Veröffentlicht

Hello Jefferson, I think we know each other from a previous forum called Woody's Lounge :)

I'm having this exact issue with Spiceworks on our internal network. I didn't see a posted resolution, is this a web server configuration issue (in my case Apache)? Interestingly, IE does not exhibit this behavior, and although I can't test with Chrome I suspect it wouldn't either.

Hello Jefferson, I think we know each other from a previous forum called Woody's Lounge :) I'm having this exact issue with Spiceworks on our internal network. I didn't see a posted resolution, is this a web server configuration issue (in my case Apache)? Interestingly, IE does not exhibit this behavior, and although I can't test with Chrome I suspect it wouldn't either.
Hat Ihnen das weitergeholfen?
Zitieren
jscher2000
  • Top 10 Contributor
8574 Lösungen 70112 Antworten
Veröffentlicht

Hi Mark, long time.

If you open the Page Info dialog using either:

  • right-click > View Page Info
  • (menu bar) Tools > Page Info

Then switch over to the Security panel, there is a little summary at the bottom showing the cipher and protocol. Apparently one of those is on the older side and Firefox is warning that it no longer provides good assurances of privacy.

Tyler mentioned that you may see this for TLS 1.0 connections. The current best practice is to use TLS 1.2 as a minimum.

Hi Mark, long time. If you open the Page Info dialog using either: * right-click > View Page Info * (menu bar) Tools > Page Info Then switch over to the Security panel, there is a little summary at the bottom showing the cipher and protocol. Apparently one of those is on the older side and Firefox is warning that it no longer provides good assurances of privacy. Tyler mentioned that you may see this for TLS 1.0 connections. The current best practice is to use TLS 1.2 as a minimum.
Hat Ihnen das weitergeholfen?
Zitieren
mark.broge 0 Lösungen 3 Antworten
Veröffentlicht

Thank you for the information! Older and wiser, we are. I did some digging on the offending server and found that the Apache httpd.conf file had an entry enabling all TLS versions, which I modified as follows:

       SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

became

       SSLProtocol -ALL +SSLv3 +TLSv1.2

I used this reference to verify how to modify the configuration file, problem now resolved after an Apache restart. We're all happy with a green padlock in Firefox now.

Thank you for the information! Older and wiser, we are. I did some digging on the offending server and found that the Apache httpd.conf file had an entry enabling all TLS versions, which I modified as follows: SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 became SSLProtocol -ALL +SSLv3 +TLSv1.2 I used [https://serverfault.com/questions/314858/how-to-enable-tls-1-1-and-1-2-with-openssl-and-apache this reference] to verify how to modify the configuration file, problem now resolved after an Apache restart. We're all happy with a green padlock in Firefox now.
Hat Ihnen das weitergeholfen? 0
Zitieren
jscher2000
  • Top 10 Contributor
8574 Lösungen 70112 Antworten
Veröffentlicht

Mark, thanks for the update. I sincerely hope none of your browsers still connect using SSLv3!

Mark, thanks for the update. I sincerely hope none of your browsers still connect using SSLv3!
Hat Ihnen das weitergeholfen?
Zitieren
mark.broge 0 Lösungen 3 Antworten
Veröffentlicht

I hope not either, I'll be removing that SSL entry after hours, I forgot to mention to my boss that I was tweaking the site and it was noticed... no more changes for the duration of the business day!

I hope not either, I'll be removing that SSL entry after hours, I forgot to mention to my boss that I was tweaking the site and it was noticed... no more changes for the duration of the business day!
Hat Ihnen das weitergeholfen?
Zitieren
Stellen Sie eine Frage

Sie müssen sich mit Ihrem Benutzerkonto anmelden, um auf Beiträge zu antworten. Bitte stellen Sie eine neue Frage, wenn Sie noch kein Benutzerkonto haben.