Hi.
The website below not work on Basilisk and Pale Moon 28:
https://suche.org/sslClientInfo
Please verify.
TH.
TLS 1.3 test page doesn't work?
Moderator: Basilisk-Dev
Re: TLS 1.3 test page doesn't work?
Code: Select all
10:35:47.799 None of the “sha384” hashes in the integrity attribute match the content of the subresource. 1 sslClientInfo
Code: Select all
XML Parsing Error: not well-formed
Location: https://suche.org/SslHandshakeInfo
Line Number 1, Column 1076:
SslHandshakeInfo:1:1076
TypeError: req.responseXML is null[Learn More]
dF8eao4xCC3Q9xGTR1dULu5X2FQ.js:1:8596
Last edited by Moonchild on 2018-08-15, 08:55, edited 2 times in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: TLS 1.3 test page doesn't work?
Further investigation shows the XML being the problem:
Because they are apparently in the "AES is the only good cypher" camp and want to mark Camellia "obsolete", their script generates invalid XML due to nested quotes (obsoleted='1' inside a single-quoted id attribute). In addition, forward secrecy (pfs) for those suites is not "weak"! So even if it worked, their results are clearly extremely biased. I would take any results you get from it with a few drams of salt.
Code: Select all
<e id='69 obsoleted='1'' pfs='weak' keySize='128' name='TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA'/>
<e id='136 obsoleted='1'' pfs='weak' keySize='256' name='TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA'/>
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: TLS 1.3 test page doesn't work?
It works fine on Fx52.9 ESR and on Vivaldi and even Edge.
But you say that site is a test site for TLS 1.3? Qualys says the site uses TLS 1.2 and doesn't give any comment about TLS 1.3. On Fx 52.9 ESR and Vivaldi TLS 1.2 is used at the site and Basilisk is using TLS 1.2 there also (I get errors trying to tell what Edge uses there...probably TLS 1.2). Basilisk and Vivaldi use TLS 1.3 but not there (Fx 52.9 ESR has been blocked by Mozilla from using TLS 1.3 anywhere). So how is it a test site for TLS 1.3 when it is limited to TLS 1.2 for all browsers?
But you say that site is a test site for TLS 1.3? Qualys says the site uses TLS 1.2 and doesn't give any comment about TLS 1.3. On Fx 52.9 ESR and Vivaldi TLS 1.2 is used at the site and Basilisk is using TLS 1.2 there also (I get errors trying to tell what Edge uses there...probably TLS 1.2). Basilisk and Vivaldi use TLS 1.3 but not there (Fx 52.9 ESR has been blocked by Mozilla from using TLS 1.3 anywhere). So how is it a test site for TLS 1.3 when it is limited to TLS 1.2 for all browsers?
Re: TLS 1.3 test page doesn't work?
Please read my previous post again. I explained why this site doesn't work -- it's a problem on their end due to their own "special classification" of Camellia. Since Firefox doesn't support Camellia anymore (due to an arbitrary decision made a while back) the script doesn't run into its own error there. I'm assuming the same goes for webkit and edge likely jumping on the AES-exclusive wagon.Smokey20 wrote:It works fine on Fx52.9 ESR and on Vivaldi and even Edge.
Part of me hopes that the known weakening vulnerabilities of AES get exploited sometime, punishing the mainstream browsers for putting all their eggs in a known-weaker basket.
Last edited by Moonchild on 2018-08-17, 05:40, edited 1 time in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: TLS 1.3 test page doesn't work?
Yes, you did explain and it didn't sink in...sorry. This brings up, for me, something I find frustrating about Basilisk. I loved Pale Moon Commander when I was using Pale Moon. I really liked being able to see the cipher suites and choose which to use. (I was used to detailed security settings because I used the original Opera for many years). I can't see the cipher suites used in Basilisk. I wasn't sure whether Camellia was being used or not. I would love a Basilisk Commander.Moonchild wrote:Please read my previous post again. I explained why this site doesn't work -- it's a problem on their end due to their own "special classification" of Camellia.Smokey20 wrote:It works fine on Fx52.9 ESR and on Vivaldi and even Edge.
Oh, I suppose I can find the cipher suites in about:config. I recall Mozilla put them there in Fx...hid them basically. Yep, I see them But having the cipher suites presented so neatly in Pale Moon Commander (and in the original Opera) spoiled me!