Public bug reported: User Agent: Mozilla 5.0 (X11; LinUX x86_64; rv:51.0) Gecko/20100101 Firefox/51.0.1 Build ID: 20170125172221
Steps to reproduce: Opened HTML page https://www.cloudflare.com/; Opened Site Identity Button Reproducible: Always Actual Results: www.cloudflare.com Connection is Not Secure ! This page uses weak encryption. -> Your connection to this website uses weak encryption and is not private. ! Other people can view your information or modify the website's behavior. Expected Results: www.cloudflare.com Secure Connection -> Verified by: DigiCert, Inc. --- The Gavin Lloyd Extension CipherFox (https://addons.mozilla.org/en-US/firefox/addon/cipherfox) reports the use of TLS 1.3 with AES 128 bits (TLS_AES_128_GCM_SHA256). Reported certificates are: Cloudflare, Inc. ECC 256-bit SHA256. DigiCert Inc: ECC 384-bit SHA384. DigiCert Inc: RSA 2048-bit SHA1. The Sibi Anthony Extension SSleuth (https://addons.mozilla.org/en-US-firefox/addon/ssleuth) reports the following for www.cloudflare.com: Cipher Suite TLS_AES_128_GCM_SHA256 Key exchange: Unknown. TLS 1.3 uthentication: Unknown. TLS 1.3 Bulk Cipher: AES GCM 128 bits. AEAD HMAC: SHA-256. Perfect Forward Secrecy: Yes SSL/TLS Version: TLSv1.3 Connection Status: Broken This page has either insecure content or a bad certificate. Certificate Extended validation: No Signature SHA-256/ECDSA bits. Common name: cloudflare.com Issued to: Cloudflare, Inc. Issued by: DigiCert Inc www.digicert.com Validity: [Redacted] Fingerprint: [Redacted] In TLS 1.2 terms, expected data include a cipher suite TLS_ECDHE_ECC_WITH_AES_128_GCM_SHA256 (reported as TLS_AES_128_GCM_SHA256 pursuant to the IETF draft specification for TLS 1.3); and a certificate suite ECC_256_SHA256. Recommend forward the above information upstream to BugZilla.Mozilla.org, as this Bug doubtless affects multiple users across platforms and operating systems. --- ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: firefox 51.0.1+build2-0ubuntu0.16.04.1 ProcVersionSignature: Ubuntu 4.8.0-34.36~16.04.1-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64 AddonCompatCheckDisabled: False ApportVersion: 2.20.1-0ubuntu2.5 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: bcschmerker 2422 F.... pulseaudio /dev/snd/controlC1: bcschmerker 2422 F.... pulseaudio BuildID: 20170125172221 Channel: Unavailable CurrentDesktop: Unity Date: Thu Feb 2 13:49:04 2017 EcryptfsInUse: Yes Extensions: extensions.sqlite corrupt or missing ForcedLayersAccel: False IfupdownConfig: # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite) InstallationDate: Installed on 2016-03-27 (312 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Beta amd64 (20160323) IpRoute: default via 192.168.1.1 dev enp4s0 proto static metric 100 169.254.0.0/16 dev enp4s0 scope link metric 1000 192.168.1.0/24 dev enp4s0 proto kernel scope link src 192.168.1.4 metric 100 IwConfig: enp4s0 no wireless extensions. lo no wireless extensions. Locales: extensions.sqlite corrupt or missing MostRecentCrashID: bp-34f53182-12e5-4712-ba46-226df2170128 Plugins: VLC Web Plugin - /usr/lib/mozilla/plugins/libvlcplugin.so (browser-plugin-vlc) iTunes Application Detector - /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so (rhythmbox-mozilla) Shockwave Flash - /usr/lib/adobe-flashplugin/libflashplayer.so (adobe-flashplugin) PrefSources: prefs.js Profiles: Profile0 (Default) - LastVersion=51.0.1/20170125172221 RelatedPackageVersions: browser-plugin-vlc 2.0.6-4 rhythmbox-mozilla 3.3-1ubuntu7 adobe-flashplugin 1:20170110.1-0ubuntu0.16.04.1 RfKill: 0: hci0: Bluetooth Soft blocked: no Hard blocked: no RunningIncompatibleAddons: False SourcePackage: firefox Themes: extensions.sqlite corrupt or missing UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 07/14/2010 dmi.bios.vendor: Award Software International, Inc. dmi.bios.version: F6d dmi.board.name: GA-MA78GM-S2HP dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.chassis.type: 3 dmi.chassis.vendor: Gigabyte Technology Co., Ltd. dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF6d:bd07/14/2010:svnGigabyteTechnologyCo.,Ltd.:pnGA-MA78GM-S2HP:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-MA78GM-S2HP:rvr:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr: dmi.product.name: GA-MA78GM-S2HP dmi.sys.vendor: Gigabyte Technology Co., Ltd. ** Affects: firefox (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug third-party-packages xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1661400 Title: Site ID gives false broken connections for TLS 1.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1661400/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
