Issue metadata
Sign in to add a comment
|
Security panel message auth and key exchange information
Reported by
daveyy.k...@gmail.com,
Apr 14 2016
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36 Steps to reproduce the problem: 1. Open any HTTPS website 2. Click the lock icon > Details 3. Security panel is opened What is the expected behavior? Message authentication and key exchange information is surfaced What went wrong? Message authentication and key exchange information is not surfaced Did this work before? Yes 49 Chrome version: 50.0.2661.75 Channel: stable OS Version: 10.0 Flash Version: Shockwave Flash 21.0 r0
,
Apr 26 2016
If you look on the left hand side, under the "Main Origin" header, it should say something like "Reload to view details". When you reload the page, an entry should appear under "Main Origin", which will provide this information (and lots more). The Security tab will also list the other connections used for the page, under the "Secure Origins" header. I believe this is only temporary, while @lgarron is adding the Security tab in the Dev Tools ( https://crbug.com/504513 ). Maybe the UI could be improved? (e.g. making the reload message more obvious), as I'm not sure all of the TLS (HTTPS) information can be collected without effecting performance (most people won't need this information). --- For some background, the old "Origin Info Bubble" (OIB) was getting too complicated and difficult for most people to read/understand, yet too simple for anyone technical, so a new Security tab was created to show the Security information for the current page. In the future this tab will hopefully show even more information, such as: - HSTS / HPKP ( https://crbug.com/505550 ) - Certificate Transparency ( https://crbug.com/591848 ) - Content Security Policy ( https://crbug.com/588970 )
,
Apr 26 2016
Thanks for that insight - so this information is there but is now harder to find and requires a page reload, not the most intuitive implementation.
,
Apr 29 2016
Craig is right, but we're also working on showing the information without a page reload; follow Issue 551728 for updates. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by wanderp...@gmail.com
, Apr 18 2016