Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test whether the world is ready for security.ssl.require_safe_negotiation -> true #237

Open
pyllyukko opened this issue Mar 13, 2017 · 13 comments

Comments

@pyllyukko
Copy link
Owner

No description provided.

@Atavic
Copy link

Atavic commented Mar 14, 2017

Seems like one of the many implementations that web admins tend to ignore:
https://forum.palemoon.org/viewtopic.php?t=14549#p104106

@pyllyukko
Copy link
Owner Author

It's not a matter of configuration, but upgrading the underlying TLS library to a version that supports RFC5746.

@pyllyukko
Copy link
Owner Author

At least www.vmware.com is not ready ☹️

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated

@Atavic
Copy link

Atavic commented May 29, 2017

World doesn't seem ready yet, as RFC is actually supported by OpenSSL and others, but it's rarely implemented on the mail and webservers?

On Thunderbird: security.ssl.warn_missing_rfc5746;1

pyllyukko added a commit that referenced this issue Dec 3, 2017
@jakejarvis
Copy link

I know this is ancient but just adding that this broke Hulu login (auth.hulu.com) for me. 😞

@Atavic
Copy link

Atavic commented Feb 1, 2019

Blame Hulu admins.

@jakejarvis
Copy link

@Atavic oh yes, to be clear I'm definitely not blaming you guys! I'm just sad that some of the biggest websites are still way behind on implementing this almost two years later.

@pyllyukko
Copy link
Owner Author

pyllyukko commented May 12, 2020

identify.nordea.com not ready :(

nordea

15.4.2024: Secure Renegotiation Supported

@pyllyukko
Copy link
Owner Author

tools.cisco.com not ready.

@pyllyukko
Copy link
Owner Author

pyllyukko commented Sep 9, 2020

caterpillar.com

15.4.2024: Works

@pyllyukko
Copy link
Owner Author

pyllyukko commented Feb 4, 2021

https://support-us.samsung.com/

15.4.2024: SSL_ERROR_UNSAFE_NEGOTIATION

@polyzen
Copy link

polyzen commented Feb 4, 2021

Needs to be toggled when logging into https://www.verizon.com/, for https://ssoauth.verizon.com.

@pyllyukko
Copy link
Owner Author

Needs to be toggled when logging into https://www.verizon.com/, for https://ssoauth.verizon.com.

These seem to work now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants