Site ID gives false broken connections for TLS 1.3

Bug #1661400 reported by B. C. Schmerker on 2017-02-02
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Undecided
Unassigned

Bug Description

User Agent: Mozilla 5.0 (X11; LinUX x86_64; rv:51.0) Gecko/20100101 Firefox/51.0.1
Build ID: 20170125172221

Steps to reproduce:

Opened HTML page https://www.cloudflare.com/; Opened Site Identity Button

Reproducible: Always

Actual Results:
www.cloudflare.com
Connection is Not Secure
! This page uses weak encryption.
->
  Your connection to this website uses weak encryption and is not private.
  ! Other people can view your information or modify the website's behavior.

Expected Results:
www.cloudflare.com
  Secure Connection
->
  Verified by: DigiCert, Inc.

---

The Gavin Lloyd Extension CipherFox (https://addons.mozilla.org/en-US/firefox/addon/cipherfox) reports the use of TLS 1.3 with AES 128 bits (TLS_AES_128_GCM_SHA256). Reported certificates are:
Cloudflare, Inc. ECC 256-bit SHA256.
DigiCert Inc: ECC 384-bit SHA384.
DigiCert Inc: RSA 2048-bit SHA1.

The Sibi Anthony Extension SSleuth (https://addons.mozilla.org/en-US-firefox/addon/ssleuth) reports the following for www.cloudflare.com:
Cipher Suite
TLS_AES_128_GCM_SHA256
Key exchange: Unknown. TLS 1.3
uthentication: Unknown. TLS 1.3
Bulk Cipher: AES GCM 128 bits. AEAD
HMAC: SHA-256.
Perfect Forward Secrecy: Yes
SSL/TLS Version: TLSv1.3
Connection Status: Broken
  This page has either insecure content or a bad certificate.
Certificate
Extended validation: No
Signature SHA-256/ECDSA bits.
Common name: cloudflare.com
Issued to: Cloudflare, Inc.
Issued by: DigiCert Inc
           www.digicert.com
Validity: [Redacted]
Fingerprint: [Redacted]

In TLS 1.2 terms, expected data include a cipher suite TLS_ECDHE_ECC_WITH_AES_128_GCM_SHA256 (reported as TLS_AES_128_GCM_SHA256 pursuant to the IETF draft specification for TLS 1.3); and a certificate suite ECC_256_SHA256. Recommend forward the above information upstream to BugZilla.Mozilla.org, as this Bug doubtless affects multiple users across platforms and operating systems.

---

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: firefox 51.0.1+build2-0ubuntu0.16.04.1
ProcVersionSignature: Ubuntu 4.8.0-34.36~16.04.1-generic 4.8.11
Uname: Linux 4.8.0-34-generic x86_64
AddonCompatCheckDisabled: False
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: bcschmerker 2422 F.... pulseaudio
 /dev/snd/controlC1: bcschmerker 2422 F.... pulseaudio
BuildID: 20170125172221
Channel: Unavailable
CurrentDesktop: Unity
Date: Thu Feb 2 13:49:04 2017
EcryptfsInUse: Yes
Extensions: extensions.sqlite corrupt or missing
ForcedLayersAccel: False
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
InstallationDate: Installed on 2016-03-27 (312 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Beta amd64 (20160323)
IpRoute:
 default via 192.168.1.1 dev enp4s0 proto static metric 100
 169.254.0.0/16 dev enp4s0 scope link metric 1000
 192.168.1.0/24 dev enp4s0 proto kernel scope link src 192.168.1.4 metric 100
IwConfig:
 enp4s0 no wireless extensions.

 lo no wireless extensions.
Locales: extensions.sqlite corrupt or missing
MostRecentCrashID: bp-34f53182-12e5-4712-ba46-226df2170128
Plugins:
 VLC Web Plugin - /usr/lib/mozilla/plugins/libvlcplugin.so (browser-plugin-vlc)
 iTunes Application Detector - /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so (rhythmbox-mozilla)
 Shockwave Flash - /usr/lib/adobe-flashplugin/libflashplayer.so (adobe-flashplugin)
PrefSources: prefs.js
Profiles: Profile0 (Default) - LastVersion=51.0.1/20170125172221
RelatedPackageVersions:
 browser-plugin-vlc 2.0.6-4
 rhythmbox-mozilla 3.3-1ubuntu7
 adobe-flashplugin 1:20170110.1-0ubuntu0.16.04.1
RfKill:
 0: hci0: Bluetooth
  Soft blocked: no
  Hard blocked: no
RunningIncompatibleAddons: False
SourcePackage: firefox
Themes: extensions.sqlite corrupt or missing
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 07/14/2010
dmi.bios.vendor: Award Software International, Inc.
dmi.bios.version: F6d
dmi.board.name: GA-MA78GM-S2HP
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.chassis.type: 3
dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF6d:bd07/14/2010:svnGigabyteTechnologyCo.,Ltd.:pnGA-MA78GM-S2HP:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-MA78GM-S2HP:rvr:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr:
dmi.product.name: GA-MA78GM-S2HP
dmi.sys.vendor: Gigabyte Technology Co., Ltd.

B. C. Schmerker (bcschmerker) wrote :
B. C. Schmerker (bcschmerker) wrote :

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170303012758

Behaves like the simulation. Issue RESOLVED FIXED in firefox 52.0+build2-0ubuntu0.16.04.1.

Changed in firefox (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers