Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Why is my bank's secure website showing a grey triangle and exclaimation point while IE shows no problems with the security?

more options

Every time I try to log in to my bank's secure website with Firefox at https://www.huntington.com/ I get a grey triangle icon with exclamation point and the message when I hover over is "This website does not provide identity information". But when I open the same website in Internet Explorer there is no warning and it shows as being fully secured. The same thing happens intermittently when I browse to ebay's secure log in.

Every time I try to log in to my bank's secure website with Firefox at https://www.huntington.com/ I get a grey triangle icon with exclamation point and the message when I hover over is "This website does not provide identity information". But when I open the same website in Internet Explorer there is no warning and it shows as being fully secured. The same thing happens intermittently when I browse to ebay's secure log in.

Keazen oplossing

Note that Firefox shows warning messages in the Browser Console and in the Web Console

This site uses the cipher RC4 for encryption, which is deprecated and insecure. www.huntington.com
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]
Dit antwurd yn kontekst lêze 👍 1

Alle antwurden (6)

more options

Starting in version 36, Firefox no longer treats RC4 encryption ciphers as secure because they are breakable (i.e., a sophisticated attacker could decrypt the data you exchange with the server). Firefox does not have a specific message in the UI to let you know this, but if you look at the site in Google Chrome, click the padlock, and view the Connection information, you will see this specific issue mentioned there. (Screenshot attached for reference.)

more options

eBay, on the other hand, gives me a green lock. (Screen shot attached.) So that one is more alarming to me if you get a warning there...

Bewurke troch jscher2000 - Support Volunteer op

more options

Keazen oplossing

Note that Firefox shows warning messages in the Browser Console and in the Web Console

This site uses the cipher RC4 for encryption, which is deprecated and insecure. www.huntington.com
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]
more options

cor-el said

Note that Firefox shows warning messages in the Browser Console and in the Web Console
This site uses the cipher RC4 for encryption, which is deprecated and insecure. www.huntington.com
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]

What this does not explain is what's actually going on.

As far as I know, if a website supports a wide range of encryption ciphers, in a specific order, the browser will use the best one first. There are still lots of browsers out there that only support RC4, so sites cannot really turn this off.

What I would like to know is, does the grey ! and the console warning mean that the site you are connecting to supports RC4, and therefore be careful, or that you are currently connected using RC4 cipher, which is very different indeed...

more options

wcndave said

What I would like to know is, does the grey ! and the console warning mean that the site you are connecting to supports RC4, and therefore be careful, or that you are currently connected using RC4 cipher, which is very different indeed...

It means the second one: Firefox couldn't connect with a cipher better than RC4 so that is what is in use.

Some servers actually offer only one cipher, probably for maximum backwards compatibility. You can use the following test page to see what ciphers are offered: https://www.ssllabs.com/ssltest/

more options

jeffk1 said

Every time I try to log in to my bank's secure website with Firefox at https://www.huntington.com/ I get a grey triangle icon with exclamation point and the message when I hover over is "This website does not provide identity information".

The huntington.com online banking site is currently using obsolete, substandard SSL security algorithms, which IMHO is completely inexcusable for a financial institution. I wrote a complaint to their security department at idtheft@huntington.com and highly recommend other customers complain loudly as well, to make this a higher priority for them.

Below is their response. It has the feel of a form letter and is not signed by the unnamed author.


From: <Mailbox-IDTheft@huntington.com> Subject: RE: Huntington.com website security question

We are dedicated to your online safety and security and use sophisticated technology to provide a secure online experience. However, we also continually strive to remain on the cutting edge of Internet technology which is why we are in the process of further strengthening our SSL security to meet the increased security requirements that Chrome and Firefox recently implemented.

IT Security Analyst

The Huntington National Bank 7 Easton Oval EA3W21 Columbus, OH 43219 huntington.com