IceCat 60 showing sites as "insecure" despite using HTTPS
(address . bug-guix@gnu.org)
I don't know if this is a problem specific to Guix or upstream; I can
give IceCat a try in a Debian VM tomorrow. But I want to make others
aware of the problem in the meantime:
Even if sites are using HTTPS, IceCat is still saying "This connection
is insecure" if you click on the "i" icon in the URL bar. This seems to
be a problem with every HTTPS site I visit.
On the "Security" tab of the "Page Info" dialog, under "Technical
Details", no certificate information is listed; it simply says
"Connection Not Encrypted". That's clearly not true, otherwise the page
would fail to load. I've tried with sites that use HSTS and don't even
support plaintext connections (e.g. my own)---the pages load just fine.
I haven't played around with sites with expired certificates or anything
yet. But if IceCat is not reporting security status correctly, then
users may be at risk, so be careful in the meantime!
--
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJbqbgAAAoJEIyRe39dxRuiUCAQAK7X0IkzrupMHKTepe8Hk6kk
oCQVWJPNaMcwEknghYFISg7LZJmP7AtlujzkTv85A4dvzeQKbMuOklQcJ3wbVmju
PdxNThdSHJ/jGsDHM/P3spberUP+rC8XtFqGFefGHLdF0//PaLXwncEK8ePvUpai
Y0EpyAiEl18B54sTNPijFA4jEXvNsaxnH87AdjcRLdb08M6DkShG6ND0VcAbdq8O
5HBkmr2USH/bJx7aatR3ItT9uMR4vaaCJ9j+6iMEltZAmWPVum8Jcj/AmKeNgBKf
t+tBQftuzW6N7kV5TGcY6J2ROaMp5TI32PQCYpmAyYY8vaDEb26PDZDaIZ4aDDtj
9Ay1aSjyrLQBLo002gKEvIkcnOQpoafHSc+BJAGbb3qZRn2QQ0oh99wOZWh9pRWv
jRI4Ts5DXBGMM/KPk2uNQvoworaZW11h3w2t8xAS3UqA0Z7xBt5idXBXK8M/NhUg
Qs2G8FTR6PyqF6LMhGlFjfHe21gsJ/aUf20RFw8lUdJWSG+Etpxqj4ayPpcmHfZh
1i/KZlfktAu4FLp/lqlqfdcVxJfVf1fL5M9WZ4zYlRCAh+SmZb7n/L7dbTPAzmOO
vQpaetoNjxpgzpP3cqHpibk9X9c1BYGDlvcWWRIO3YhZ1M4NiGe13//GMTaDFbgs
oxu8drjYbE/EltEfw4CA
=Iw+E
-----END PGP SIGNATURE-----