I found that:
https://badssl.com
https://github.com/chromium/badssl.com
The tests are a little bit confusing for me, but maybe for some the site is nice
BadSSL - site for testing clients against bad SSL configs
Re: BadSSL - site for testing clients against bad SSL configs
Made by the Chromium developers? I smell bias.
Just ran the test, and Pale Moon comes back just fine. The only "red" one is 1024-bit DH key exchange. This is within the spec and not bad, and required for some older servers that don't support DH keys > 1024bits. Clients should only reject DH primes less than (not less than or equal to) 1024 bits in size.
See also https://weakdh.org
Just ran the test, and Pale Moon comes back just fine. The only "red" one is 1024-bit DH key exchange. This is within the spec and not bad, and required for some older servers that don't support DH keys > 1024bits. Clients should only reject DH primes less than (not less than or equal to) 1024 bits in size.
See also https://weakdh.org
EDIT: issue opened: https://github.com/chromium/badssl.com/issues/282If you’re a sysadmin or developer …
Make sure any TLS libraries you use are up-to-date, that servers you maintain use 2048-bit or larger primes, and that clients you maintain reject Diffie-Hellman primes smaller than 1024-bit.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: BadSSL - site for testing clients against bad SSL configs
So, yeah, they have explicitly designed the site to give "OK" and "GOOD" marks to exactly the limits of current versions of Chromium. And bringing up the (weak but generally acceptable) 1024-bit DH key issue got a response as if stepping in a nest of adders. Refusing to consider it as much legacy as 3DES is because it looks better.
Bias, plain and simple.
Bias, plain and simple.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: BadSSL - site for testing clients against bad SSL configs
I read the comments on github. Yeah...i'm not surprised
Re: BadSSL - site for testing clients against bad SSL configs
That being said, the next version of Pale Moon has the capabilities (by enabling a few more RSA suites) to safely disable static DHE cipher suites, so I'm guessing that it will come up green in their Chromium test from then on.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite