Gigabyte: Worst SSL Labs report I have ever seen

by dark_moon » Sun, 14 Jan 2018, 10:56

Look at this (Gigabyte account registration site): https://www.ssllabs.com/ssltest/analyze ... gabyte.com
:lol: :thumbup: :clap:

Moonchild
Pale Moon guru
Posts: 22003
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E

by Moonchild » Sun, 14 Jan 2018, 19:22

We need a world-wide ban on people still using IIS 6.0
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

BenFenner
Fanatic
Posts: 146
Joined: Mon, 01 Jun 2015, 12:52
Location: US Southeast

by BenFenner » Mon, 15 Jan 2018, 15:33

Thanks for the reference site. I checked my own domains and while they rate an "A" there was good info about certs that will be distrusted soon. :thumbup:

Tomaso
Keeps coming back
Posts: 956
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

by Tomaso » Mon, 15 Jan 2018, 21:52

Here's another 'F':
viewtopic.php?f=29&t=13638&p=104926#p97021
That post is more than one year old, and deal.no is still using the same damn outdated certificate!
The worst thing is that it's a very popular web shop with a lot of customers too, and most browsers accept their certificate without as much as a warning.
I've actually notified this web shop's support division several times regarding this issue, but they never even bothered to send me a reply!
Last edited by Tomaso on Mon, 15 Jan 2018, 21:54, edited 3 times in total.

by Moonchild » Mon, 15 Jan 2018, 22:11

Tomaso: deal.no gets an 'F' because they are vulnerable to the POODLE TLS attack -- their certificate is actually fine. Other browsers connect to it without complaints because they still accept 3DES and the certificate checks out. Pale Moon doesn't allow 3DES for https by default because of its weak nature and the known issue with its small block size (SWEET32 birthday attack). Like many other sites, they likely won't change anything until mainstream browsers can no longer connect (and then they will likely have it fixed in a day or 2). Mainstream browsers, however, are simply afraid to "break the web" and are holding off on disabling 3DES because nobody wants to go first. And there we have a status quo.
Last edited by Moonchild on Mon, 15 Jan 2018, 22:12, edited 1 time in total.
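
The "small block size" point in the post above, shown as an added example that is not part of the original thread: in CBC mode, two equal ciphertext blocks reveal the XOR of two plaintext blocks, and the birthday bound says how much data under one key makes such a repeat likely. The 16-bit Feistel cipher, key and data here are constructed for illustration so the effect shows up at small scale; it is not 3DES.

```python
import hashlib
import math
import random

HALF_BITS = 8  # toy block = 16 bits so a repeat appears quickly (3DES uses 64 bits)

def toy_encrypt_block(key: bytes, block: int) -> int:
    """4-round Feistel permutation on 16-bit blocks. Constructed toy, not a real cipher."""
    mask = (1 << HALF_BITS) - 1
    left, right = block >> HALF_BITS, block & mask
    for rnd in range(4):
        digest = hashlib.sha256(key + bytes([rnd, right])).digest()
        left, right = right, left ^ digest[0]
    return (left << HALF_BITS) | right

def cbc_encrypt(key: bytes, iv: int, plaintext: list) -> list:
    """CBC mode: each ciphertext block is E(p_i XOR previous ciphertext block)."""
    out, prev = [], iv
    for p in plaintext:
        prev = toy_encrypt_block(key, p ^ prev)
        out.append(prev)
    return out

def first_collision(ciphertext: list):
    """Return (i, j), i < j, of the first repeated ciphertext block, or None."""
    seen = {}
    for j, c in enumerate(ciphertext):
        if c in seen:
            return seen[c], j
        seen[c] = j
    return None

def blocks_until_collision(block_bits: int, probability: float = 0.5) -> float:
    """Birthday bound: blocks under one key before a repeat has this probability."""
    return math.sqrt(2 * 2**block_bits * math.log(1 / (1 - probability)))

def demo(seed: int = 2018):
    rng = random.Random(seed)  # constructed sample data
    key, iv = b"constructed-demo-key", rng.getrandbits(16)
    plaintext = [rng.getrandbits(16) for _ in range(5000)]
    ciphertext = cbc_encrypt(key, iv, plaintext)
    i, j = first_collision(ciphertext)
    chain = [iv] + ciphertext  # chain[k] is the block XORed into plaintext[k]
    return j, (chain[i] ^ chain[j]) == (plaintext[i] ^ plaintext[j])

if __name__ == "__main__":
    j, leaks = demo()
    print(f"toy 16-bit cipher: repeat after {j + 1} blocks, XOR leak holds: {leaks}")
    for bits in (64, 128):
        gib = blocks_until_collision(bits) * bits / 8 / 2**30
        print(f"{bits}-bit block: ~{gib:.3g} GiB under one key for a 50% repeat chance")
```

The same bound is why a 128-bit block cipher such as AES does not have this problem at any realistic traffic volume, while a 64-bit one reaches it within tens of gigabytes on a single long-lived connection.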

by Tomaso » Mon, 15 Jan 2018, 22:53

Moonchild wrote: deal.no gets an 'F' because they are vulnerable to the POODLE TLS attack

I know.
Thought it was related to the certificate.
I'm not actually comparing it to the horrible example posted by dark_moon.
But still, like I've pointed out many times before, this is just another example of how difficult it is to get any response from web developers.
Contacting support services is good for most things, but as soon as you mention a web problem... Nothing!
Last edited by Tomaso on Mon, 15 Jan 2018, 22:56, edited 1 time in total.

by Moonchild » Tue, 16 Jan 2018, 12:52

I actually opened a new Bugzilla bug to request disabling 3DES in Firefox (surprised there was none yet in search).
The sites left aren't going to be responsive to tech evangelism. They simply have to be forced to improve by browsers no longer supporting their 15-year-old server software that is woefully insecure.

by dark_moon » Thu, 18 Jan 2018, 19:21

Thanks Moonchild!
Please let us know what the answer is.
