SSL security test failure


Unread post by Goodydino » 2018-03-25, 18:20

At https://badssl.com/dashboard/, Pale Moon fails the test for SHA-1 intermediate, but SeaMonkey passes. Why? I had disabled some of the encryption protocols that I was advised were unsafe to use in SeaMonkey, and done the same with Pale Moon. Since they were the same settings disabled in both, why did SeaMonkey pass and Pale Moon fail?


Unread post by Moonchild » 2018-03-25, 20:01

Pale Moon doesn't reject SHA-1 signed intermediate certificates at the moment, because there have thus far been plenty of situations where these signatures are in use (e.g. locally-installed AV suites, local proxies, enterprise setups, etc.).
Ultimately, it is the responsibility of a CA to ensure properly strong signatures on their issuing certificates.

If this is considered a major enough issue, I can look into changing this policy provided it won't cause too much breakage.

Unread post by testator777 » 2018-03-30, 06:07

For those of us who may want to set it manually, how would one disable the acceptance of SHA-1 signed certificates? Is this an about:config setting or is it compiled into the build? I didn't see such a thing under the Pale Moon Commander options.


Unread post by Goodydino » 2018-03-30, 18:15

I believe I got the information about what to disable in about:config here:
https://gist.github.com/haasn/69e19fc2f ... /revisions
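
Added example, not part of the thread and not Pale Moon code: a standard-library Python check for the condition discussed above, a certificate below the root in a served chain that carries a SHA-1 signature. The function names and the `sample_cert` builder are assumptions made for illustration; the sample certificates are constructed skeletons with the right DER layout but no real key or signature.

```python
SHA1_SIG_OIDS = {  # DER bodies of signature-algorithm OIDs built on SHA-1
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def cert_summary(der):
    """Return (outer signature OID body, self_issued) for one certificate."""
    _, cert_start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(der, cert_start)    # tbsCertificate
    fields = []                                    # serial, sigalg, issuer, validity, subject
    while pos < tbs_end and len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:                            # skip the optional [0] version
            fields.append(der[pos:end])
        pos = end
    if len(fields) < 5:
        raise ValueError("incomplete tbsCertificate")
    _, alg_start, _ = read_tlv(der, tbs_end)       # outer signatureAlgorithm
    _, oid_start, oid_end = read_tlv(der, alg_start)
    return der[oid_start:oid_end], fields[2] == fields[4]

def sha1_signed_certs(chain_der):
    """List (index, algorithm) for non-root certificates signed with SHA-1."""
    summaries = [(i, *cert_summary(der)) for i, der in enumerate(chain_der)]
    return [(i, SHA1_SIG_OIDS[oid]) for i, oid, self_issued in summaries
            if oid in SHA1_SIG_OIDS and not self_issued]  # root's own signature is not relied on

# Constructed sample input: certificate skeletons, short DER lengths only.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body

def sample_cert(issuer, subject, sig_oid):
    alg = tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b""))
    name = lambda cn: tlv(0x30, tlv(0x0C, cn.encode()))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + name(issuer) + tlv(0x30, b"") + name(subject))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))
```

For a constructed chain of a SHA-256 leaf, a SHA-1-signed intermediate and a self-issued SHA-1 root, `sha1_signed_certs` returns `[(1, 'sha1WithRSAEncryption')]`. Real input is the list of DER certificates a server presents, leaf first.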
