Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Az oldal korlátolt funkcionalitással fog rendelkezni, amíg elvégezzük a felhasználói élményt javító karbantartást. Ha egy leírás nem oldja meg a problémáját, és kérdést tenne fel, akkor a támogatási közösségünk a @FirefoxSupport Twitter oldalon tud segíteni, vagy az /r/firefox oldalon a Redditen.

Támogatás keresése

Kerülje el a támogatási csalásokat. Sosem kérjük arra, hogy hívjon fel egy telefonszámot vagy osszon meg személyes információkat. Jelentse a gyanús tevékenységeket a „Visszaélés bejelentése” lehetőséggel.

További tudnivalók

A témacsoportot lezárták és archiválták. Tegyen fel új kérdést, ha segítségre van szüksége.

Validity of security certificate on a website

  • 7 válasz
  • 3 embernek van ilyen problémája
  • 16 megtekintés
  • Utolsó üzenet ettől: crawj

more options

I am looking for help on the validity and security of a website. The page in question is the one that opens when clicking the "Start Now" button on this page: https://www.gov.uk/send-vat-return

When the "Start now" button is pressed a new tab opens up and briefly a green padlock is seen before turning into a grey triangle with an exclamation mark.

My questions are: Is the site secure? And if it is why am I getting the grey triangle with the exclamation mark?

Many thanks

I am looking for help on the validity and security of a website. The page in question is the one that opens when clicking the "Start Now" button on this page: https://www.gov.uk/send-vat-return When the "Start now" button is pressed a new tab opens up and briefly a green padlock is seen before turning into a grey triangle with an exclamation mark. My questions are: Is the site secure? And if it is why am I getting the grey triangle with the exclamation mark? Many thanks

Kiválasztott megoldás

You can use the Web Console to further investigate the problem. Here's how:

Open the Web Console in the lower part of that tab using either Ctrl+Shift+k or the Developer menu.

Reload the page bypassing cache (Ctrl+Shift+r, or Shift+click the reload button in the address bar).

Check for red warning triangles.

As shown in the attached, the site hosting the analytics script uses the RC4 cipher, which Firefox 36 and later treat as insecure. In a future version, Firefox won't even load the script, so it's something the site should try to work out with its vendor.

Válasz olvasása eredeti szövegkörnyezetben 👍 1

Összes válasz (7)

more options

Oddly, I see the green padlock the entire time.

The grey triangle means that parts of the page are secure, but parts of it (specifically some of the images) are not.

more options

Hello, user293 is correct. the not secure part of the webpage in the analytics-egain.com

thank you

EDIT ; probably the site is Ok, maybe some part of the code is incorrect :

https://safeweb.norton.com/report/show?url=analytics-egain.com

https://app.webinspector.com/public/reports/36559585

Módosította: ideato,

more options

I have tried a few computers and the follow up page after clicking the "start now" button always gives me the grey triangle with the exclamation mark unfortunately.

Looking at the browser console under security what stood out was the line saying:

"online.hmrc.gov.uk : server does not support RFC 5746, see CVE-2009-3555"

Would this be a cause for concern as well?

Thanks

Módosította: crawj,

more options

Kiválasztott megoldás

You can use the Web Console to further investigate the problem. Here's how:

Open the Web Console in the lower part of that tab using either Ctrl+Shift+k or the Developer menu.

Reload the page bypassing cache (Ctrl+Shift+r, or Shift+click the reload button in the address bar).

Check for red warning triangles.

As shown in the attached, the site hosting the analytics script uses the RC4 cipher, which Firefox 36 and later treat as insecure. In a future version, Firefox won't even load the script, so it's something the site should try to work out with its vendor.

more options

By the way, the analytics site is sending a script file, so you can use an extension to block that if you like and see a green lock for the page.

If you would rarely want to do this, you could try YesScript: https://addons.mozilla.org/firefox/addon/yesscript/

more options

I see this message in the Web Console (Firefox/Tools > Web Developer) that is likely responsible for this issue.

This site uses the cipher RC4 for encryption, which is deprecated and insecure.

This is about requesting this file as you can see in the Network monitor (see the icon in the domain column):

more options

Thank you all for your help.