Secure Connection Failed…interrupted while the page was loading

Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Phlip

Secure Connection Failed…interrupted while the page was loading

Unread post by Phlip » 2018-09-10, 14:49

Hello,

I'm using version 28.0.1 on Linux.

I seem to encounter the exact same problem as viewtopic.php?f=57&t=14939 :
"Secure Connection Failed…interrupted while the page was loading"
when I try to view the list of branches on my bank website : https://agences.credit-cooperatif.coop/

I can display it with FF, Opera, Chromium, Min ... without even a warning.
Should I tell my bank that their website is not secure, or can you offer a workaround?

Thanks for the great work!

yami_

Re: Secure Connection Failed…interrupted while the page was loading

Unread post by yami_ » 2018-09-10, 15:19

Off-topic:
Wow... And also: MS IIS 6.0 in 2018, really?
Pale Moon will not connect to a SSL/TLS server that is only offering RC2/RC4/DES/3DES support out of the box. You would probably need to enable 3DES support for that webpage: viewtopic.php?f=24&t=6262#p40401. Keep in mind that if you make those changes your connections will no longer be secure.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Secure Connection Failed…interrupted while the page was loading

Unread post by Moonchild » 2018-09-10, 15:28

This isn't a problem in the browser. If it displays in other browsers then those browsers are NOT taking connection security seriously.

See the SSL report:
https://www.ssllabs.com/ssltest/analyze ... ratif.coop

They only support RC4 (insecure) and worse (export, DES). The only half-way acceptable cypher is 3DES, but that is disabled in Pale Moon for being known-weak and unacceptable for any sort of secure connection on the public web, especially for financial institutions.
On top, they support SSL 2.0 and SSL 3.0, woefully outdated and insecure protocols. Any financial insititution should not only support TLS 1.2, but enforce it, if i understood the laws passed correctly, since mid this year.

You should be on the phone with them and have a stern talk. Their server is dangerously insecure, and if they don't fix it it will likely cost them their license to operate a financial institution on-line.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Phlip

Re: Secure Connection Failed…interrupted while the page was loading

Unread post by Phlip » 2018-09-13, 08:47

Thank you yami_ and Moonchild for your thorough answers.

I will raise these points to their attention ;). It's a small structure, engaged in ethical banking - not so common.

But pages appearing as https in all these browsers, with the little padlock, giving a false sense of security... That's terrible.
Just for fun, I tried to connect with the Tor browser, and I could display the page, again without any warning... makes me wonder :? Maybe a pity that the Tor team did all the work to run on top of the latest FF.

Coming back to Crédit Coopératif, the problem appears to be only on the page with the list of branches, not the banking operations. These are maybe not optimal, according to sslabs https://www.ssllabs.com/ssltest/analyze.html?d=www.credit-cooperatif.coop&latest, but not that bad. And I can access them with Pale Moon without any glitch so far.

After this little experience, I'm not about to give up Pale Moon as my main browser. :thumbup:

dinosaur
Fanatic
Fanatic
Posts: 165
Joined: 2014-06-03, 09:26
Location: France

Re: Secure Connection Failed…interrupted while the page was loading

Unread post by dinosaur » 2018-09-13, 22:23

Phlip wrote:I will raise these points to their attention ;). It's a small structure, engaged in ethical banking - not so common.
They risk being unethically hacked ! :o
And they urgently need a competent admin for their web server... :shock:

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Secure Connection Failed…interrupted while the page was loading

Unread post by Moonchild » 2018-09-14, 15:20

Phlip wrote:Coming back to Crédit Coopératif, the problem appears to be only on the page with the list of branches, not the banking operations. These are maybe not optimal, according to sslabs https://www.ssllabs.com/ssltest/analyze ... oop&latest, but not that bad.
Actually, for a banking institution, this is still pretty bad and must be improved. Prioritizing DHE over ECDHE and with a weak key size to boot, and with RSA prioritized over ECDHE, they are pretty much guaranteed to have weak encryption with clients (see handshake simulation that is either Weak DH at risk of LOGJAM, or no forward secrecy due to RSA key exchange). The lack of forward secrecy with reference browser for a bank is pretty bad.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked