firefox reports broken encryption TLS1.0 while server enforces TLSv1.2 and FF tls.version.min is set to 2
both sslscan and testssl report the site to only offer TLSv1.2. Firefox security.tls.version.min config setting is set to 2 which I understand to disallow TLSv1.0 connections. Still when connecting to this site Firefox says "weak encryption, TLSv1.0 and a weak cipher, which is clearly incorrect. This is firefox 71.0 on Fedora 30.
Additional System Details
- Shockwave Flash 32.0 r0
- User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
Can you share the URL of the site?
Can you rule out a proxy server or other "man in the middle"? When there is an MITM, there are two connections: Firefox to MITM, MITM to site (this is how the MITM gets unencrypted access to your browsing).
cannot share the link as this is an emulated local z/OS setup. This is why I know the server forces TLSv1.2 only (as I control the server). For sure there is no MITM possibility, as the client is FF on fedora 30, and the server is locally emulated z/OS (not connected to the internet) on the same Linux host.
So if understand correctly:
- You control the SSL configuration of the server
- The server refuses to connect using any protocol other than TLS 1.2
- Firefox is set to a minimum protocol of TLS 1.1 by setting security.tls.version.min = 2
- Firefox says it retrieved the page using TLS 1.0
In case Firefox is providing information on a cached retrieval, could you flush the cache? See: How to clear the Firefox cache.
Otherwise, "that's impossible."
What cipher suite is used ?
Does "Tools -> Page Info -> Security" or the Network Monitor give more information ?
You shouldn't get such a warning if you use TLS 1.2 with a strong cipher suite.
This is what the server offers:
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256 Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 1024 bits Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits Accepted TLSv1.2 256 bits AES256-GCM-SHA384 Accepted TLSv1.2 256 bits AES256-SHA256 Accepted TLSv1.2 256 bits AES256-SHA Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256 Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 1024 bits Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits Accepted TLSv1.2 128 bits AES128-GCM-SHA256 Accepted TLSv1.2 128 bits AES128-SHA256 Accepted TLSv1.2 128 bits AES128-SHA
As you can see the preferred cipher is a strong cipher. I will flush my cache now as suggested in another response, although caching TLS session information would imho be a bad thing
Flushing the cache has changed the message on page-info: now TLSv1.2 is indicated, although the server preferred cipher (see above) is not used. It might be the server (a WAS Liberty application) that caches the TLS session info. Thanks for the suggestions