Test whether the world is ready for security.ssl.require_safe_negotiation -> true

[pyllyukko]

[Atavic]

Seems like one of the many implementations that web admins tend to ignore: https://forum.palemoon.org/viewtopic.php?t=14549#p104106

[pyllyukko]

It's not a matter of configuration, but upgrading the underlying TLS library to a version that supports RFC5746.

[pyllyukko]

At least www.vmware.com is not ready :frowning_face:

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated

[Atavic]

World doesn't seem ready yet, as RFC is actually supported by OpenSSL and others, but it's rarely implemented on the mail and webservers?

On Thunderbird: security.ssl.warn_missing_rfc5746;1

[jakejarvis]

I know this is ancient but just adding that this broke Hulu login (auth.hulu.com) for me. 😞

[Atavic]

Blame Hulu admins.

[jakejarvis]

@Atavic oh yes, to be clear I'm definitely not blaming you guys! I'm just sad that some of the biggest websites are still way behind on implementing this almost two years later.

[pyllyukko]

identify.nordea.com not ready :(

15.4.2024: Secure Renegotiation Supported

[pyllyukko]

tools.cisco.com not ready.

[pyllyukko]

caterpillar.com

15.4.2024: Works

[pyllyukko]

https://support-us.samsung.com/

15.4.2024: SSL_ERROR_UNSAFE_NEGOTIATION

[polyzen]

Needs to be toggled when logging into https://www.verizon.com/, for https://ssoauth.verizon.com.

[pyllyukko]

Needs to be toggled when logging into https://www.verizon.com/, for https://ssoauth.verizon.com.

These seem to work now.