Issue metadata
Sign in to add a comment
|
old TLS configuration
Reported by
yigitcny...@gmail.com,
Aug 19
|
||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 Steps to reproduce the problem: 1. Open Google Chrome 2. Go this website: https://mozilla-old.badssl.com/ What is the expected behavior? Google Chrome should not be trust this web page What went wrong? Google Chrome is trust to this webpage Did this work before? Yes Google Chrome 68.0.3440.106 Chrome version: 68.0.3440.106 Channel: stable OS Version: OS X 10.11.6 Flash Version: Details for old TLS configuration : https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
,
Aug 19
Yep, this is working as intended. The "Mozilla Old" config includes modern, strong ciphersuites (which is what Chrome connects to it using). It also includes old, insecure ciphersuites so that the server can make connections with old clients. For up-to-date versions of Chrome, they will negotiate using secure ciphersuites when connecting to the server (if you see otherwise when looking at the connection information, e.g., in the Security panel of Dev Tools, feel free to file another bug).
,
Nov 26
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by carlosil@chromium.org
, Aug 19Labels: Security_Impact-Stable Security_Severity-Low
Owner: cthomp@chromium.org
Status: Assigned (was: Unconfirmed)