为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Why is my bank's secure website showing a grey triangle and exclaimation point while IE shows no problems with the security?

more options

Every time I try to log in to my bank's secure website with Firefox at https://www.huntington.com/ I get a grey triangle icon with exclamation point and the message when I hover over is "This website does not provide identity information". But when I open the same website in Internet Explorer there is no warning and it shows as being fully secured. The same thing happens intermittently when I browse to ebay's secure log in.

Every time I try to log in to my bank's secure website with Firefox at https://www.huntington.com/ I get a grey triangle icon with exclamation point and the message when I hover over is "This website does not provide identity information". But when I open the same website in Internet Explorer there is no warning and it shows as being fully secured. The same thing happens intermittently when I browse to ebay's secure log in.

被采纳的解决方案

Note that Firefox shows warning messages in the Browser Console and in the Web Console

This site uses the cipher RC4 for encryption, which is deprecated and insecure. www.huntington.com
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]
定位到答案原位置 👍 1

所有回复 (6)

more options

Starting in version 36, Firefox no longer treats RC4 encryption ciphers as secure because they are breakable (i.e., a sophisticated attacker could decrypt the data you exchange with the server). Firefox does not have a specific message in the UI to let you know this, but if you look at the site in Google Chrome, click the padlock, and view the Connection information, you will see this specific issue mentioned there. (Screenshot attached for reference.)

more options

eBay, on the other hand, gives me a green lock. (Screen shot attached.) So that one is more alarming to me if you get a warning there...

由jscher2000 - Support Volunteer于修改

more options

选择的解决方案

Note that Firefox shows warning messages in the Browser Console and in the Web Console

This site uses the cipher RC4 for encryption, which is deprecated and insecure. www.huntington.com
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]
more options

cor-el said

Note that Firefox shows warning messages in the Browser Console and in the Web Console
This site uses the cipher RC4 for encryption, which is deprecated and insecure. www.huntington.com
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]

What this does not explain is what's actually going on.

As far as I know, if a website supports a wide range of encryption ciphers, in a specific order, the browser will use the best one first. There are still lots of browsers out there that only support RC4, so sites cannot really turn this off.

What I would like to know is, does the grey ! and the console warning mean that the site you are connecting to supports RC4, and therefore be careful, or that you are currently connected using RC4 cipher, which is very different indeed...

more options

wcndave said

What I would like to know is, does the grey ! and the console warning mean that the site you are connecting to supports RC4, and therefore be careful, or that you are currently connected using RC4 cipher, which is very different indeed...

It means the second one: Firefox couldn't connect with a cipher better than RC4 so that is what is in use.

Some servers actually offer only one cipher, probably for maximum backwards compatibility. You can use the following test page to see what ciphers are offered: https://www.ssllabs.com/ssltest/

more options

jeffk1 said

Every time I try to log in to my bank's secure website with Firefox at https://www.huntington.com/ I get a grey triangle icon with exclamation point and the message when I hover over is "This website does not provide identity information".

The huntington.com online banking site is currently using obsolete, substandard SSL security algorithms, which IMHO is completely inexcusable for a financial institution. I wrote a complaint to their security department at idtheft@huntington.com and highly recommend other customers complain loudly as well, to make this a higher priority for them.

Below is their response. It has the feel of a form letter and is not signed by the unnamed author.


From: <Mailbox-IDTheft@huntington.com> Subject: RE: Huntington.com website security question

We are dedicated to your online safety and security and use sophisticated technology to provide a secure online experience. However, we also continually strive to remain on the cutting edge of Internet technology which is why we are in the process of further strengthening our SSL security to meet the increased security requirements that Chrome and Firefox recently implemented.

IT Security Analyst

The Huntington National Bank 7 Easton Oval EA3W21 Columbus, OH 43219 huntington.com