Secure Connection Failed…interrupted while the page was loading

The place to report Pale Moon specific bugs on Linux and other operating systems.

Moderator: satrow

User avatar
Phlip
Newbie
Newbie
Posts: 3
Joined: Tue, 04 Sep 2018, 12:03

Secure Connection Failed…interrupted while the page was loading

Unread postby Phlip » Mon, 10 Sep 2018, 14:49

Hello,

I'm using version 28.0.1 on Linux.

I seem to encounter the exact same problem as viewtopic.php?f=57&t=14939 :
"Secure Connection Failed…interrupted while the page was loading"
when I try to view the list of branches on my bank website : https://agences.credit-cooperatif.coop/

I can display it with FF, Opera, Chromium, Min ... without even a warning.
Should I tell my bank that their website is not secure, or can you offer a workaround?

Thanks for the great work!

yami_
Fanatic
Fanatic
Posts: 110
Joined: Thu, 26 Apr 2018, 11:05

Re: Secure Connection Failed…interrupted while the page was loading

Unread postby yami_ » Mon, 10 Sep 2018, 15:19

Off-topic:
Wow... And also: MS IIS 6.0 in 2018, really?
Pale Moon will not connect to a SSL/TLS server that is only offering RC2/RC4/DES/3DES support out of the box. You would probably need to enable 3DES support for that webpage: viewtopic.php?f=24&t=6262#p40401. Keep in mind that if you make those changes your connections will no longer be secure.
cat came back from Berkeley waving flags
- rob pike

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 21952
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: Secure Connection Failed…interrupted while the page was loading

Unread postby Moonchild » Mon, 10 Sep 2018, 15:28

This isn't a problem in the browser. If it displays in other browsers then those browsers are NOT taking connection security seriously.

See the SSL report:
https://www.ssllabs.com/ssltest/analyze ... ratif.coop

They only support RC4 (insecure) and worse (export, DES). The only half-way acceptable cypher is 3DES, but that is disabled in Pale Moon for being known-weak and unacceptable for any sort of secure connection on the public web, especially for financial institutions.
On top, they support SSL 2.0 and SSL 3.0, woefully outdated and insecure protocols. Any financial insititution should not only support TLS 1.2, but enforce it, if i understood the laws passed correctly, since mid this year.

You should be on the phone with them and have a stern talk. Their server is dangerously insecure, and if they don't fix it it will likely cost them their license to operate a financial institution on-line.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

User avatar
Phlip
Newbie
Newbie
Posts: 3
Joined: Tue, 04 Sep 2018, 12:03

Re: Secure Connection Failed…interrupted while the page was loading

Unread postby Phlip » Thu, 13 Sep 2018, 08:47

Thank you yami_ and Moonchild for your thorough answers.

I will raise these points to their attention ;). It's a small structure, engaged in ethical banking - not so common.

But pages appearing as https in all these browsers, with the little padlock, giving a false sense of security... That's terrible.
Just for fun, I tried to connect with the Tor browser, and I could display the page, again without any warning... makes me wonder :? Maybe a pity that the Tor team did all the work to run on top of the latest FF.

Coming back to Crédit Coopératif, the problem appears to be only on the page with the list of branches, not the banking operations. These are maybe not optimal, according to sslabs https://www.ssllabs.com/ssltest/analyze.html?d=www.credit-cooperatif.coop&latest, but not that bad. And I can access them with Pale Moon without any glitch so far.

After this little experience, I'm not about to give up Pale Moon as my main browser. :thumbup:

dinosaur
Fanatic
Fanatic
Posts: 125
Joined: Tue, 03 Jun 2014, 09:26
Location: France

Re: Secure Connection Failed…interrupted while the page was loading

Unread postby dinosaur » Thu, 13 Sep 2018, 22:23

Phlip wrote:I will raise these points to their attention ;). It's a small structure, engaged in ethical banking - not so common.
They risk being unethically hacked ! :o
And they urgently need a competent admin for their web server... :shock:

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 21952
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: Secure Connection Failed…interrupted while the page was loading

Unread postby Moonchild » Fri, 14 Sep 2018, 15:20

Phlip wrote:Coming back to Crédit Coopératif, the problem appears to be only on the page with the list of branches, not the banking operations. These are maybe not optimal, according to sslabs https://www.ssllabs.com/ssltest/analyze ... oop&latest, but not that bad.

Actually, for a banking institution, this is still pretty bad and must be improved. Prioritizing DHE over ECDHE and with a weak key size to boot, and with RSA prioritized over ECDHE, they are pretty much guaranteed to have weak encryption with clients (see handshake simulation that is either Weak DH at risk of LOGJAM, or no forward secrecy due to RSA key exchange). The lack of forward secrecy with reference browser for a bank is pretty bad.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne


Return to “Bug reports (Linux & other)”

Who is online

Users browsing this forum: No registered users and 1 guest