Site ID gives false broken connections for TLS 1.3

Bug #1661400 reported by B. C. Schmerker
This bug affects 1 person
Affects: firefox (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

User Agent: Mozilla 5.0 (X11; LinUX x86_64; rv:51.0) Gecko/20100101 Firefox/51.0.1
Build ID: 20170125172221

Steps to reproduce:

Opened HTML page https://www.cloudflare.com/; Opened Site Identity Button

Reproducible: Always

Actual Results:
www.cloudflare.com
Connection is Not Secure
! This page uses weak encryption.
->
  Your connection to this website uses weak encryption and is not private.
  ! Other people can view your information or modify the website's behavior.

Expected Results:
www.cloudflare.com
  Secure Connection
->
  Verified by: DigiCert, Inc.

---

The Gavin Lloyd Extension CipherFox (https://addons.mozilla.org/en-US/firefox/addon/cipherfox) reports the use of TLS 1.3 with AES 128 bits (TLS_AES_128_GCM_SHA256). Reported certificates are:
Cloudflare, Inc. ECC 256-bit SHA256.
DigiCert Inc: ECC 384-bit SHA384.
DigiCert Inc: RSA 2048-bit SHA1.

The Sibi Anthony Extension SSleuth (https://addons.mozilla.org/en-US-firefox/addon/ssleuth) reports the following for www.cloudflare.com:
Cipher Suite
TLS_AES_128_GCM_SHA256
Key exchange: Unknown. TLS 1.3
Authentication: Unknown. TLS 1.3
Bulk Cipher: AES GCM 128 bits. AEAD
HMAC: SHA-256.
Perfect Forward Secrecy: Yes
SSL/TLS Version: TLSv1.3
Connection Status: Broken
  This page has either insecure content or a bad certificate.
Certificate
Extended validation: No
Signature SHA-256/ECDSA bits.
Common name: cloudflare.com
Issued to: Cloudflare, Inc.
Issued by: DigiCert Inc
           www.digicert.com
Validity: [Redacted]
Fingerprint: [Redacted]

In TLS 1.2 terms, expected data include a cipher suite TLS_ECDHE_ECC_WITH_AES_128_GCM_SHA256 (reported as TLS_AES_128_GCM_SHA256 pursuant to the IETF draft specification for TLS 1.3); and a certificate suite ECC_256_SHA256. Recommend forwarding the above information upstream to BugZilla.Mozilla.org, as this bug doubtless affects multiple users across platforms and operating systems.

---

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: firefox 51.0.1+build2-0ubuntu0.16.04.1
ProcVersionSignature: Ubuntu 4.8.0-34.36~16.04.1-generic 4.8.11
Uname: Linux 4.8.0-34-generic x86_64
AddonCompatCheckDisabled: False
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: bcschmerker 2422 F.... pulseaudio
 /dev/snd/controlC1: bcschmerker 2422 F.... pulseaudio
BuildID: 20170125172221
Channel: Unavailable
CurrentDesktop: Unity
Date: Thu Feb 2 13:49:04 2017
EcryptfsInUse: Yes
Extensions: extensions.sqlite corrupt or missing
ForcedLayersAccel: False
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
InstallationDate: Installed on 2016-03-27 (312 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Beta amd64 (20160323)
IpRoute:
 default via 192.168.1.1 dev enp4s0 proto static metric 100
 169.254.0.0/16 dev enp4s0 scope link metric 1000
 192.168.1.0/24 dev enp4s0 proto kernel scope link src 192.168.1.4 metric 100
IwConfig:
 enp4s0 no wireless extensions.

 lo no wireless extensions.
Locales: extensions.sqlite corrupt or missing
MostRecentCrashID: bp-34f53182-12e5-4712-ba46-226df2170128
Plugins:
 VLC Web Plugin - /usr/lib/mozilla/plugins/libvlcplugin.so (browser-plugin-vlc)
 iTunes Application Detector - /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so (rhythmbox-mozilla)
 Shockwave Flash - /usr/lib/adobe-flashplugin/libflashplayer.so (adobe-flashplugin)
PrefSources: prefs.js
Profiles: Profile0 (Default) - LastVersion=51.0.1/20170125172221
RelatedPackageVersions:
 browser-plugin-vlc 2.0.6-4
 rhythmbox-mozilla 3.3-1ubuntu7
 adobe-flashplugin 1:20170110.1-0ubuntu0.16.04.1
RfKill:
 0: hci0: Bluetooth
  Soft blocked: no
  Hard blocked: no
RunningIncompatibleAddons: False
SourcePackage: firefox
Themes: extensions.sqlite corrupt or missing
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 07/14/2010
dmi.bios.vendor: Award Software International, Inc.
dmi.bios.version: F6d
dmi.board.name: GA-MA78GM-S2HP
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.chassis.type: 3
dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF6d:bd07/14/2010:svnGigabyteTechnologyCo.,Ltd.:pnGA-MA78GM-S2HP:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-MA78GM-S2HP:rvr:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr:
dmi.product.name: GA-MA78GM-S2HP
dmi.sys.vendor: Gigabyte Technology Co., Ltd.
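
Added illustration (not part of the original report, and not code from Firefox, CipherFox or SSleuth): the cipher-suite comparison in the description rests on the two IANA naming forms, where a TLS 1.3 name such as TLS_AES_128_GCM_SHA256 carries no key-exchange or authentication field. The sketch parses both forms; all function names are made up here, and `naive_verdict` is a hypothetical indicator, assumed for illustration only, that mistakes the missing fields for a defect.

```python
"""Added illustration: reading IANA cipher-suite names in both naming forms."""
from typing import NamedTuple

WEAK_BULK = {"NULL", "RC4", "RC2", "DES", "DES40", "3DES"}
AEAD_MODES = {"GCM", "CCM", "POLY1305"}
SEPARATE = "negotiated separately (TLS 1.3)"


class Suite(NamedTuple):
    key_exchange: str
    authentication: str
    bulk: str
    digest: str
    aead: bool


def parse_suite(name: str) -> Suite:
    # Signalling values such as ..._SCSV are not real suites; reject them.
    if not name.startswith("TLS_") or name.endswith("_SCSV"):
        raise ValueError(f"not an IANA TLS cipher suite name: {name!r}")
    body = name[len("TLS_"):]
    if "_WITH_" in body:
        # TLS 1.2 and earlier: TLS_<kx>[_<auth>]_WITH_<bulk>_<digest>
        left, right = body.split("_WITH_", 1)
        kx, _, auth = left.partition("_")
        auth = auth or kx  # e.g. TLS_RSA_WITH_...: RSA does both jobs
    else:
        # TLS 1.3: TLS_<aead>_<hash>; the name has no kx/auth fields at all.
        kx = auth = SEPARATE
        right = body
    bulk, _, digest = right.rpartition("_")
    aead = bool(AEAD_MODES & set(bulk.split("_")))
    return Suite(kx, auth, bulk, digest, aead)


def verdict(name: str) -> str:
    """'weak' only if the name itself lists a weak cipher or MD5."""
    s = parse_suite(name)
    if WEAK_BULK & set(s.bulk.split("_")) or s.digest == "MD5":
        return "weak"
    return "ok"


def naive_verdict(name: str) -> str:
    """Hypothetical indicator that only knows the TLS 1.2 naming form."""
    if "_WITH_" not in name:
        return "weak"  # missing kx/auth fields mistaken for a defect
    return verdict(name)


if __name__ == "__main__":
    for n in ("TLS_AES_128_GCM_SHA256",
              "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
              "TLS_RSA_WITH_RC4_128_MD5"):
        print(n, parse_suite(n), naive_verdict(n), verdict(n), sep="\n  ")
```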

B. C. Schmerker (bcschmerker) wrote :

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170303012758

Behaves like the simulation. Issue RESOLVED FIXED in firefox 52.0+build2-0ubuntu0.16.04.1.

Changed in firefox (Ubuntu):
status: New → Fix Released