Dell support shows broken encryption


Smokey20

Dell support shows broken encryption

Unread post by Smokey20 » 2019-06-24, 02:00

On current Basilisk 2019.06.8 (10 Pro ver 1803) version, MOST (but not all) Dell Support pages show broken encryption. That is particularly bad because you enter your service tag number there. I was even able to see OTHER DELL USERS' service tags and other private information.

The previous Basilisk version which I still had on my other computer (8 Pro) does NOT have this problem. I updated on that computer to the current version and the encryption is broken now on it also.

https://www.dell.com/support/home/us/en/04/
Attachments
Left image is Basilisk, right image is Fx 60.7.2 ESR.

pintorama
Apollo supporter
Posts: 44
Joined: 2018-01-20, 23:46

Re: Dell support shows broken encryption

Unread post by pintorama » 2019-06-24, 04:13

I don't know if this will resolve things in Basilisk, but Dell has issued a patch for its Support Assistant: https://www.dell.com/support/article/th ... ty?lang=en . It would seem you should install this regardless of the issue with Basilisk.

Smokey20

Re: Dell support shows broken encryption

Unread post by Smokey20 » 2019-06-24, 04:59

Thanks, but I have been purchasing Dell Small Business computers since 1999. The Decrapifier was originally named DELL Decrapifier. So, I know all about the junk that comes on Dell computers (even Pro versions from Small Business). Support Assist is awful except for those home users who refuse to learn about their computers. I always remove all of that especially since Dell is actually worse than Microsoft in taking away user control. I don't need to worry about PC Doctor buggy junk as it is not on my computers. I agree though that anyone who insists on keeping PC Doctor Dell Support Assist on their computer should immediately install the patch.

This problem I am seeing on both the Windows 10 Pro machine and the Windows 8 Pro machine is unrelated to Support Assist. I see this problem ONLY on current Basilisk and NOT on earlier versions of Basilisk, or on Fx60.x ESR, Waterfox or Vivaldi.

Moonchild
Pale Moon guru
Posts: 35635
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Dell support shows broken encryption

Unread post by Moonchild » 2019-06-24, 11:14

I don't see anything wrong with the dell website.
The "Broken encryption" indicator means that whatever is negotiated with the browser in your situation is too weak to be considered a secure connection. Since the cipher is AES-GCM, and the protocol is TLS 1.2, that shouldn't be the case.

UPDATE: I went to the specific page in your URL and it contains scripts/active content that are loaded over an insecure connection (mixed content). If you allow that mixed content, then you basically break the encryption which would result in what you see.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Moonchild

Re: Dell support shows broken encryption

Unread post by Moonchild » 2019-06-24, 11:22

The specific errors are as follows:
13:15:33.014 Blocked loading mixed active content “http://127.0.0.1:8884/clientservice/isa ... 1374932366”[Learn More]
top.min.js:1:82461
13:15:33.046 Blocked loading mixed active content “http://127.0.0.1:8883/clientservice/isa ... 1374932367”[Learn More]
top.min.js:1:82461
13:15:33.102 Blocked loading mixed active content “http://127.0.0.1:8886/clientservice/isa ... 1374932368”[Learn More]
top.min.js:1:82461
13:15:33.116 Blocked loading mixed active content “http://127.0.0.1:8885/clientservice/isa ... 1374932369”[Learn More]
top.min.js:1:82461
13:15:33.541 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://i.dell.com/tlsdata. (Reason: missing token ‘sec_req_type’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).
So for some reason the website wants to talk to something on your local machine and uses http to do so -- likely to interact with the proprietary Dell service software. Pale Moon will block that by default -- if you allow it, the encryption is considered broken (because it is).
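
The behaviour described in the last two posts, modelled as an added example (not part of the thread and not Basilisk's own code): an HTTPS page requesting active content over plain HTTP from loopback ports is blocked by default, and the page only counts as "broken" once the user allows that content. The function names, state labels, request type and URL paths are assumptions; the page URL and the loopback ports are taken from the thread.

```javascript
// Added example (not from the thread). Names, state labels and sample
// requests are constructed; request types are assumed to be "script".
const ACTIVE_TYPES = new Set(["script", "xhr", "fetch", "iframe", "stylesheet"]);

function isLoopback(hostname) {
  return hostname === "localhost" || hostname === "[::1]" ||
    /^127(\.\d{1,3}){3}$/.test(hostname);
}

// Classify one subresource request made by the page at pageUrl.
// Only http: and ws: count as insecure here; other schemes are out of scope.
function classifyRequest(pageUrl, req) {
  const page = new URL(pageUrl);
  const res = new URL(req.url, page);
  if (page.protocol !== "https:") return "not-applicable";
  if (res.protocol !== "http:" && res.protocol !== "ws:") return "secure";
  return ACTIVE_TYPES.has(req.type) ? "mixed-active" : "mixed-passive";
}

// Default (allowMixedActive = false): active mixed content is blocked and the
// page stays secure. If the user allows it, the page state becomes "broken".
function evaluatePage(pageUrl, requests, { allowMixedActive = false } = {}) {
  const result = { state: "secure", blocked: [], loopbackTargets: [] };
  for (const req of requests) {
    const kind = classifyRequest(pageUrl, req);
    if (kind === "secure" || kind === "not-applicable") continue;
    const target = new URL(req.url, pageUrl);
    if (isLoopback(target.hostname)) result.loopbackTargets.push(target.host);
    if (kind === "mixed-active") {
      if (allowMixedActive) result.state = "broken";
      else result.blocked.push(target.href);
    } else if (result.state === "secure") {
      result.state = "degraded"; // passive mixed content (e.g. images) loaded
    }
  }
  return result;
}

// Constructed sample: the page URL and loopback ports come from the thread,
// the paths are placeholders.
const PAGE = "https://www.dell.com/support/home/us/en/04/";
const SAMPLE = [8884, 8883, 8886, 8885].map((port) => ({
  url: `http://127.0.0.1:${port}/constructed-path`, type: "script",
})).concat([{ url: "/constructed.js", type: "script" }]);

console.log(evaluatePage(PAGE, SAMPLE));
console.log(evaluatePage(PAGE, SAMPLE, { allowMixedActive: true }));
```

The `loopbackTargets` list is the part worth reviewing in practice: it shows which local ports a remote page tried to reach, independent of whether the browser blocked the requests.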
