Opened 18 months ago

Last modified 18 months ago

#30343 new defect

TBB Gives HTTPS Green Lock for misconfigured SSL/TLS

Reported by: bo0od Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I have just reported a flaw with passing a misconfigured ssl/tls certificate which is allowing MITM. I reported that against https-everywhere but they answered it that https-everywhere doesnt access ssl info. So maybe it is a browser level issue?

otherwise really what is the use of green lock and https-everywhere plugin if a website pretend to be having ssl/tls connection while in fact its just fake one and MITM is possible through it ?

SSL test:

HTTPS-Everywhere Github Ticket:

Child Tickets

Change History (2)

comment:1 Changed 18 months ago by gk

Parent ID: #30335

comment:2 Changed 18 months ago by gk

Sounds like an upstream issue. Could you file a bug at Mozilla's bugzilla as I assume Firefox is affected here as well? (Please add the ticket number here for reference)

Note: See TracTickets for help on using tickets.