Opened 3 months ago
Last modified 3 months ago
#30343 new defect
TBB Gives HTTPS Green Lock for misconfigured SSL/TLS
| Reported by: | bo0od | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | High | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Major | Keywords: | |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
I have just reported a flaw with passing a misconfigured ssl/tls certificate which is allowing MITM. I reported that against https-everywhere but they answered it that https-everywhere doesnt access ssl info. So maybe it is a browser level issue?
otherwise really what is the use of green lock and https-everywhere plugin if a website pretend to be having ssl/tls connection while in fact its just fake one and MITM is possible through it ?
SSL test:
https://www.ssllabs.com/ssltest/analyze.html?d=zu.ac.ae
HTTPS-Everywhere Github Ticket:
https://github.com/EFForg/https-everywhere/issues/17851#event-2309447045
Child Tickets
Change History (2)
comment:1 Changed 3 months ago by
| Parent ID: | #30335 |
|---|
comment:2 Changed 3 months ago by
Note: See
TracTickets for help on using
tickets.
Sounds like an upstream issue. Could you file a bug at Mozilla's bugzilla as I assume Firefox is affected here as well? (Please add the ticket number here for reference)