Site ID gives false broken connections for TLS 1.3

Bug #1661400 reported by B. C. Schmerker on 2017-02-02
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)

Bug Description

User Agent: Mozilla 5.0 (X11; LinUX x86_64; rv:51.0) Gecko/20100101 Firefox/51.0.1
Build ID: 20170125172221

Steps to reproduce:

Opened HTML page; Opened Site Identity Button

Reproducible: Always

Actual Results:
Connection is Not Secure
! This page uses weak encryption.
  Your connection to this website uses weak encryption and is not private.
  ! Other people can view your information or modify the website's behavior.

Expected Results:
  Secure Connection
  Verified by: DigiCert, Inc.


The Gavin Lloyd Extension CipherFox ( reports the use of TLS 1.3 with AES 128 bits (TLS_AES_128_GCM_SHA256). Reported certificates are:
Cloudflare, Inc. ECC 256-bit SHA256.
DigiCert Inc: ECC 384-bit SHA384.
DigiCert Inc: RSA 2048-bit SHA1.

The Sibi Anthony Extension SSleuth ( reports the following for
Cipher Suite
Key exchange: Unknown. TLS 1.3
uthentication: Unknown. TLS 1.3
Bulk Cipher: AES GCM 128 bits. AEAD
HMAC: SHA-256.
Perfect Forward Secrecy: Yes
SSL/TLS Version: TLSv1.3
Connection Status: Broken
  This page has either insecure content or a bad certificate.
Extended validation: No
Signature SHA-256/ECDSA bits.
Common name:
Issued to: Cloudflare, Inc.
Issued by: DigiCert Inc
Validity: [Redacted]
Fingerprint: [Redacted]

In TLS 1.2 terms, expected data include a cipher suite TLS_ECDHE_ECC_WITH_AES_128_GCM_SHA256 (reported as TLS_AES_128_GCM_SHA256 pursuant to the IETF draft specification for TLS 1.3); and a certificate suite ECC_256_SHA256. Recommend forward the above information upstream to, as this Bug doubtless affects multiple users across platforms and operating systems.


ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: firefox 51.0.1+build2-0ubuntu0.16.04.1
ProcVersionSignature: Ubuntu 4.8.0-34.36~16.04.1-generic 4.8.11
Uname: Linux 4.8.0-34-generic x86_64
AddonCompatCheckDisabled: False
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
 /dev/snd/controlC0: bcschmerker 2422 F.... pulseaudio
 /dev/snd/controlC1: bcschmerker 2422 F.... pulseaudio
BuildID: 20170125172221
Channel: Unavailable
CurrentDesktop: Unity
Date: Thu Feb 2 13:49:04 2017
EcryptfsInUse: Yes
Extensions: extensions.sqlite corrupt or missing
ForcedLayersAccel: False
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
InstallationDate: Installed on 2016-03-27 (312 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Beta amd64 (20160323)
 default via dev enp4s0 proto static metric 100 dev enp4s0 scope link metric 1000 dev enp4s0 proto kernel scope link src metric 100
 enp4s0 no wireless extensions.

 lo no wireless extensions.
Locales: extensions.sqlite corrupt or missing
MostRecentCrashID: bp-34f53182-12e5-4712-ba46-226df2170128
 VLC Web Plugin - /usr/lib/mozilla/plugins/ (browser-plugin-vlc)
 iTunes Application Detector - /usr/lib/mozilla/plugins/ (rhythmbox-mozilla)
 Shockwave Flash - /usr/lib/adobe-flashplugin/ (adobe-flashplugin)
PrefSources: prefs.js
Profiles: Profile0 (Default) - LastVersion=51.0.1/20170125172221
 browser-plugin-vlc 2.0.6-4
 rhythmbox-mozilla 3.3-1ubuntu7
 adobe-flashplugin 1:20170110.1-0ubuntu0.16.04.1
 0: hci0: Bluetooth
  Soft blocked: no
  Hard blocked: no
RunningIncompatibleAddons: False
SourcePackage: firefox
Themes: extensions.sqlite corrupt or missing
UpgradeStatus: No upgrade log present (probably fresh install) 07/14/2010
dmi.bios.vendor: Award Software International, Inc.
dmi.bios.version: F6d GA-MA78GM-S2HP
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.chassis.type: 3
dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF6d:bd07/14/2010:svnGigabyteTechnologyCo.,Ltd.:pnGA-MA78GM-S2HP:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-MA78GM-S2HP:rvr:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr: GA-MA78GM-S2HP
dmi.sys.vendor: Gigabyte Technology Co., Ltd.

B. C. Schmerker (bcschmerker) wrote :
B. C. Schmerker (bcschmerker) wrote :

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170303012758

Behaves like the simulation. Issue RESOLVED FIXED in firefox 52.0+build2-0ubuntu0.16.04.1.

Changed in firefox (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers