Gigabyte: Worst SSL Labs report I have ever seen

Unread post by dark_moon » 2018-01-14, 10:56

Look at this (Gigabyte account registration site): https://www.ssllabs.com/ssltest/analyze ... gabyte.com
:lol: :thumbup: :clap:


Unread post by Moonchild » 2018-01-14, 19:22

We need a world-wide ban on people still using IIS 6.0
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite


Unread post by BenFenner » 2018-01-15, 15:33

Thanks for the reference site. I checked my own domains and while they rate an "A" there was good info about certs that will be distrusted soon. :thumbup:


Unread post by Tomaso » 2018-01-15, 21:52

Here's another 'F':
viewtopic.php?f=29&t=13638&p=104926#p97021
That post is more than one year old, and deal.no is still using the same damn outdated certificate!
The worst thing is that it's a very popular web shop with a lot of customers too, and most browsers accept their certificate without as much as a warning.
I've actually notified this web shop's support division several times regarding this issue, but they never even bothered to send me a reply!
Last edited by Tomaso on 2018-01-15, 21:54, edited 3 times in total.


Unread post by Moonchild » 2018-01-15, 22:11

Tomaso: deal.no gets an 'F' because they are vulnerable to the POODLE TLS attack -- their certificate is actually fine. Other browsers connect to it without complaints because they still accept 3DES and the certificate checks out. Pale Moon doesn't allow 3DES for https by default because of its weak nature and the known issue with its small block size (SWEET32 birthday attack). Like many other sites, they likely won't change anything until mainstream browsers can no longer connect (and then they will likely have it fixed in a day or 2). Mainstream browsers, however, are simply afraid to "break the web" and are holding off on disabling 3DES because nobody wants to go first. And there we have a status quo.
Last edited by Moonchild on 2018-01-15, 22:12, edited 1 time in total.
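The 3DES point in the post above, as an added example that is not part of the thread and is not Pale Moon's code: a Python sketch that picks 64-bit block cipher suites (the SWEET32 precondition) out of a scanner-style suite list, and builds a client TLS context that refuses them. The function names and the sample list are constructed for illustration; Python's `ssl` module stands in for a browser's cipher policy.

```python
import re
import ssl

# 3DES, DES and IDEA all use a 64-bit block, the property SWEET32 depends on.
# Matches OpenSSL-style (DES-CBC3-SHA) and IANA-style (TLS_RSA_WITH_3DES_EDE_CBC_SHA) names.
_BLOCK64 = re.compile(r"(?:^|[-_])(?:3DES|DES|IDEA)(?:[-_]|$)")


def sweet32_suites(offered):
    """Return the suite names from `offered` that use a 64-bit block cipher."""
    return [name for name in offered if _BLOCK64.search(name.upper())]


def client_context_without_3des():
    """Client-side TLS context that refuses to negotiate 64-bit block ciphers."""
    ctx = ssl.create_default_context()
    # OpenSSL cipher-string syntax: "!" removes a cipher family permanently.
    ctx.set_ciphers("DEFAULT:!aNULL:!eNULL:!3DES:!DES:!IDEA")
    return ctx


def enabled_weak(ctx):
    """Audit a context: list any 64-bit block suites it would still offer."""
    return sweet32_suites(c["name"] for c in ctx.get_ciphers())


# Constructed sample: suite names as a scanner might list them for an old server.
SAMPLE_SCAN = [
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "ECDHE-RSA-DES-CBC3-SHA",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_RSA_WITH_RC4_128_SHA",  # weak for other reasons, but a stream cipher
]

if __name__ == "__main__":
    print("64-bit block suites offered:", sweet32_suites(SAMPLE_SCAN))
    print("still enabled in client context:",
          enabled_weak(client_context_without_3des()))
```

A client built this way fails the handshake against a server that offers only 3DES, which is the behaviour the post describes for Pale Moon.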


Unread post by Tomaso » 2018-01-15, 22:53

Moonchild wrote: "deal.no gets an 'F' because they are vulnerable to the POODLE TLS attack"
I know.
Thought it was related to the certificate.
I'm not actually comparing it to the horrible example posted by dark_moon.
But still, like I've pointed out many times before, this is just another example of how difficult it is to get any response from web developers.
Contacting support services is good for most things, but as soon as you mention a web problem... Nothing!
Last edited by Tomaso on 2018-01-15, 22:56, edited 1 time in total.


Unread post by Moonchild » 2018-01-16, 12:52

I actually opened a new Bugzilla bug to request disabling 3DES in Firefox (surprised there was none yet in search).
The sites left aren't going to be responsive to tech evangelism. They simply have to be forced to improve by browsers no longer supporting their 15-year-old server software that is woefully insecure.


Unread post by dark_moon » 2018-01-18, 19:21

Thanks Moonchild!
Please let us know how the answer
