Helpful security/cipher info was removed from UI in Chromium 50+ versions
Reported by
totallyf...@gmail.com,
May 15 2016
|
|||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 Steps to reproduce the problem: 1. Open any HTTPS secured website. 2. Click the padlock icon in the address bar. 3. Click the Connection tab. 4. Security/cipher info in newer Chromium versions (after 49) is NOT available unless the user clicks Details and then reloads the page. What is the expected behavior? I expect the info to be available for future Chromium versions and NOT removed. What went wrong? I expect that the encryption info present within the attached screenshot should NOT be removed from future versions of Chrome/Chromium. Forcing a user to click 'Details' and reload the page makes them less likely to check the security of a website (banking) and opens them up to far more issues with zero-day phishing and other types of malformed content. I never understood why this was removed. WHY!? The user would have to click the padlock and then click the 'Connection' tab just to see the info in the first place. It is already hidden well-enough for Did this work before? Yes Chromium v49 Chrome version: 49.0.2623.110 Channel: n/a OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version: Shockwave Flash 21.0 r0 I don't get why these kinds of things keep happening. Chromium used to be pretty good on info & security and just drops the ball hard far too often.
,
May 20 2016
I'll be updating this issue with a picture of how things look on Chromium v50+ versions.
,
May 22 2016
I just reported https://bugs.chromium.org/p/chromium/issues/detail?id=613855 that is essentially the same.
,
May 22 2016
,
May 22 2016
Issue 613855 has been merged into this issue.
,
May 23 2016
Here's an update with a picture of the issue I am having on Chromium versions 50 and higher not showing the security info like previous versions. https://anony.ws/i/2016/05/24/ChromiumSecurityFail.png
,
May 23 2016
The entire 'Connections' tab was removed and there's no good reason why that was done. Having to click 'Details' and then reload the page are extra unnecessary steps. Please revert this change to the original pre-v50 functionality that was present as of at least v49.
,
May 24 2016
I agree with the notion.. The old, pre v50, security pane was very useful.
,
May 25 2016
I want to mention, that CIPHER Information is useful, not only for established SSL Connections, but for failed connections too!
1. The user should be able to access the complete diagnostics of a failed SSL Handshake
2. The user should be able to see a static list of built-in CIPHER Suites like the one that comes with openssl for example. See (on the command line)
`openssl ciphers`
and/or
`openssl ciphers -v`
for an example how such a list can be formatted.
,
May 25 2017
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||
►
Sign in to add a comment |
|||
Comment 1 by totallyf...@gmail.com
, May 20 201689.9 KB
89.9 KB View Download