Closed
Bug 1014387
Opened 10 years ago
Closed 10 years ago
Unoverridable sec_error_unknown_issuer on https://panopticlick.eff.org/
Categories
(Web Compatibility :: Desktop, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
May
People
(Reporter: glandium, Unassigned)
References
Details
STR:
- mkdir /tmp/profile
- firefox -no-remote -profile /tmp/profile -safe-mode https://panopticlick.eff.org/
(I've reproduce with aurora and nightly)
Expected result:
- Panopticlick site.
Acceptable result:
- An error page that still allows to go to the page
Actual result:
- An error page that just allows to "Get me out of here!"
This does *not* reproduce with the same Firefox build on an existing (old) profile.
This does *not* reproduce with the same Firefox build on the profile created with the STR after copying the *.db files from the existing (old) profile.
This *does* reproduce with the same Firefox build on the profile created with the STR after copying the *.db files from the existing (old) profile and using the PSM UI to remove the StartCOM intermediate certificates.
The server doesn't seem to be giving out the intermediate certificate (see below), so afaict, this is an expected outcome, but it's bothering that it's not possible to do anything about it. Even a self-signed certificate has a way around.
$ openssl s_client -showcerts -host panopticlick.eff.org -port 443 < /dev/null
CONNECTED(00000003)
depth=0 description = 2AT1kcCqZvDz3jO3, C = US, ST = California, L = San Francisco, O = "Electronic Frontier Foundation, Inc.", CN = www.panopticlick.com, emailAddress = whois@eff.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 description = 2AT1kcCqZvDz3jO3, C = US, ST = California, L = San Francisco, O = "Electronic Frontier Foundation, Inc.", CN = www.panopticlick.com, emailAddress = whois@eff.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 description = 2AT1kcCqZvDz3jO3, C = US, ST = California, L = San Francisco, O = "Electronic Frontier Foundation, Inc.", CN = www.panopticlick.com, emailAddress = whois@eff.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/description=2AT1kcCqZvDz3jO3/C=US/ST=California/L=San Francisco/O=Electronic Frontier Foundation, Inc./CN=www.panopticlick.com/emailAddress=whois@eff.org
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
-----BEGIN CERTIFICATE-----
MIIH4jCCBsqgAwIBAgIDAhpIMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
MiBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTQwNDE0MTk1MjQ2
WhcNMTYwNDE0MDMwMzM2WjCBwTEZMBcGA1UEDRMQMkFUMWtjQ3FadkR6M2pPMzEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xLTArBgNVBAoTJEVsZWN0cm9uaWMgRnJvbnRpZXIgRm91bmRhdGlv
biwgSW5jLjEdMBsGA1UEAxMUd3d3LnBhbm9wdGljbGljay5jb20xHDAaBgkqhkiG
9w0BCQEWDXdob2lzQGVmZi5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCsRfJsi9qr+XUe6vwWrK/vSh8v5+pKTxkpSXOikInnran3H+3IbQmc/ykO
f4cP7Ehtb0A+lhKxQu2k4Wp97dVMM1OPvNNRCdTDlVgMxIEotjsBUTPcW8dcVJMF
JfDfRb7jzy//5ZQbs8hdJY50jpPFEYTgpPn/hQubBk8BeDF2YXDhCrpzawuQ94pI
KvHqFUTCnTTK2MGn5S6tDEl+1P0lK4+pE7wBCK7Y+BRmTFRaQ0WPKWJOankruFZ/
QN34eJr3i0MnM5ahEEu4GbTci0GZq7K7N7MZE9na8+RceQRat+8R+bnbOUzJcZ+y
d4gXULCCb99oMo8d4OwlV/wo7wGrKqmY2B/LNliLRwI9A7NX/ikxlfCCoAiHk3B4
duVXHNnB/qBR7A8AsETGdjDQPho9fVe7Z3FJOtFRaHTAj6kfH2eSKj1sJmQq3379
1vGFm6xbANVk+DkMmB43Lomm8aCv1BKpQtMNFZGApT/YONaA8xEROR4oqLZ79pYz
YSlIdTHLs9YBbXIKG/0zvHC3IhBzAKPu5OJQ+pe/AnVF5uvd/Z+1kKl7PfG6CxIK
1zx591uVCQ9/UgTaEu8Z3y3cyn8d69qJPxVhOaxrOP0ny0eXFiUJEHbCbTJXqIXp
E+vnP+qMTdrnzLai6KM+LQf9KoOcQCISuVai4Q5AK9os3f07HwIDAQABo4IDFDCC
AxAwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwIG
CCsGAQUFBwMBMB0GA1UdDgQWBBShMfNxaNFDKR6ZtxIKaepXAhBrbzAfBgNVHSME
GDAWgBQR2yNF/VTManFvhIoD1773AS8mhjBQBgNVHREESTBHghR3d3cucGFub3B0
aWNsaWNrLmNvbYIQcGFub3B0aWNsaWNrLmNvbYIHZWZmLm9yZ4IUcGFub3B0aWNs
aWNrLmVmZi5vcmcwggFWBgNVHSAEggFNMIIBSTAIBgZngQwBAgIwggE7BgsrBgEE
AYG1NwECAzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29t
L3BvbGljeS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1
ZWQgYWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1l
bnRzIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9y
IHRoZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlp
bmcgcGFydHkgb2JsaWdhdGlvbnMuMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9j
cmwuc3RhcnRzc2wuY29tL2NydDItY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5
BggrBgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczIv
c2VydmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9j
ZXJ0cy9zdWIuY2xhc3MyLnNlcnZlci5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDov
L3d3dy5zdGFydHNzbC5jb20vMA0GCSqGSIb3DQEBBQUAA4IBAQBXbIY2CHnVBouc
1piXTlM6mnxl3f1zg/tTzpIfl81r3XwgilzP5Mu32kDRAoH7kYxfXfTotrXCy+P8
Z79DBoSuNjaywPp5MDqHKuuWwaVi2BzBYsg2RDGX5+Y9hNcj6STALw3x+qnxIsnk
fwWgKOW2xf029b054rAVacXfQbx2bOBAJfZxCQxyS+Qm8sE9zv1Bny0YRR3Wp9di
mcZ4br+l0qf9A28KpBvylvpIKzPKsU9IdWALVn6Chk9+fMGWBF/F1pTENSWDdf3T
UJ9U9bF3XttbbJCa66LMzv1u17muzA8UqEprN0U1j/dq1FBQ9BYyoPv5ghYc74YR
VIS1fQYV
-----END CERTIFICATE-----
---
Server certificate
subject=/description=2AT1kcCqZvDz3jO3/C=US/ST=California/L=San Francisco/O=Electronic Frontier Foundation, Inc./CN=www.panopticlick.com/emailAddress=whois@eff.org
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 2937 bytes and written 643 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 95F09656F526CA224E81DA743CBCC98DC71DBBA92C057032B2A4224782E15CBB
Session-ID-ctx:
Master-Key: EE10B2BB357705854DED337EBBDF370A28A6A046CF60DAD2BD488DAAE1DEC0B9CD4627EED72BC5D16C28BB72D89C8FF8
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 600 (seconds)
TLS session ticket:
0000 - 5d 1b 86 03 bf b5 39 8b-83 a5 4e 9b a1 89 13 4b ].....9...N....K
0010 - 39 93 09 a6 a1 19 3a 07-cf 7f 7b b1 f8 f1 66 bf 9.....:...{...f.
0020 - 16 26 65 5b 3b ed 69 7c-77 bb e6 cc ce df b7 27 .&e[;.i|w......'
0030 - b5 03 a6 bf 35 4a 98 a3-46 d4 c5 7a ec 54 4b bd ....5J..F..z.TK.
0040 - 9e fa 28 97 f2 1a a8 d0-df 34 c0 58 9e fa c8 d7 ..(......4.X....
0050 - ba a3 b9 ad 65 1e f1 6d-73 68 aa 07 fb 92 71 77 ....e..msh....qw
0060 - 07 99 51 f6 b7 03 36 ec-dd 1f 09 de 50 dc 1b c1 ..Q...6.....P...
0070 - 93 11 9d 4e 08 9d 3f 36-0d 7b 97 88 46 9e 6d 92 ...N..?6.{..F.m.
0080 - 9a cc 3b 8f 98 ed c7 3e-92 72 c1 e8 fb fb a8 d0 ..;....>.r......
0090 - ee 7e 80 b7 12 38 62 2d-65 42 2c 93 c7 d9 b0 89 .~...8b-eB,.....
Start Time: 1400737139
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
DONE
|
Reporter | |
Comment 1•10 years ago
|
||
http://www.sslshopper.com/ssl-checker.html#hostname=https://panopticlick.eff.org/
"The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following StartCom's Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates."
Which matches my observation with openssl.
|
|
Reporter | |
Comment 2•10 years ago
|
||
Workaround: go to https://xmpp.org and go back to https://panopticlick.eff.org/.
xmpp.org sends the intermediate, which Firefox then stores.
|
||
Comment 3•10 years ago
|
||
eff.org is HSTS, which means they've asked us not to allow any cert error overrrides. It's up to eff.org to make sure they're sending the right intermediate. Moving to Tech Evangelism and CCing Peter to see who we should be contacting @ EFF.
Assignee: nobody → english-us
Component: Security: PSM → English US
Product: Core → Tech Evangelism
Target Milestone: --- → May
Version: unspecified → Trunk
|
|
Reporter | |
Comment 4•10 years ago
|
||
FWIW, I already sent a message to webmaster@eff.org.
|
|
Reporter | |
Comment 5•10 years ago
|
||
That said, as far as I can tell, this is unrelated to HSTS. AIUI, HSTS is entirely based on what the server returns to an https request. We don't even go as far as doing one, as NSPR_LOG_MODULES=nsHttp:5 shows.
|
|
Reporter | |
Comment 6•10 years ago
|
||
Ah, we have them in security/manager/boot/src/nsSTSPreloadList.inc.
|
||
Updated•10 years ago
|
Assignee: english-us → nobody
Component: English US → Desktop
|
|
Reporter | |
Comment 7•10 years ago
|
||
(In reply to Mike Hommey [:glandium] from comment #4)
> FWIW, I already sent a message to webmaster@eff.org.
And haven't heard from them.
|
|
Reporter | |
Comment 8•10 years ago
|
||
It looks like it was fixed.
$ openssl s_client -showcerts -host panopticlick.eff.org -port 443 < /dev/null
CONNECTED(00000003)
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 2 Primary Intermediate Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/description=2AT1kcCqZvDz3jO3/C=US/ST=California/L=San Francisco/O=Electronic Frontier Foundation, Inc./CN=www.panopticlick.com/emailAddress=whois@eff.org
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
-----BEGIN CERTIFICATE-----
MIIH4jCCBsqgAwIBAgIDAhpIMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
MiBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTQwNDE0MTk1MjQ2
WhcNMTYwNDE0MDMwMzM2WjCBwTEZMBcGA1UEDRMQMkFUMWtjQ3FadkR6M2pPMzEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xLTArBgNVBAoTJEVsZWN0cm9uaWMgRnJvbnRpZXIgRm91bmRhdGlv
biwgSW5jLjEdMBsGA1UEAxMUd3d3LnBhbm9wdGljbGljay5jb20xHDAaBgkqhkiG
9w0BCQEWDXdob2lzQGVmZi5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCsRfJsi9qr+XUe6vwWrK/vSh8v5+pKTxkpSXOikInnran3H+3IbQmc/ykO
f4cP7Ehtb0A+lhKxQu2k4Wp97dVMM1OPvNNRCdTDlVgMxIEotjsBUTPcW8dcVJMF
JfDfRb7jzy//5ZQbs8hdJY50jpPFEYTgpPn/hQubBk8BeDF2YXDhCrpzawuQ94pI
KvHqFUTCnTTK2MGn5S6tDEl+1P0lK4+pE7wBCK7Y+BRmTFRaQ0WPKWJOankruFZ/
QN34eJr3i0MnM5ahEEu4GbTci0GZq7K7N7MZE9na8+RceQRat+8R+bnbOUzJcZ+y
d4gXULCCb99oMo8d4OwlV/wo7wGrKqmY2B/LNliLRwI9A7NX/ikxlfCCoAiHk3B4
duVXHNnB/qBR7A8AsETGdjDQPho9fVe7Z3FJOtFRaHTAj6kfH2eSKj1sJmQq3379
1vGFm6xbANVk+DkMmB43Lomm8aCv1BKpQtMNFZGApT/YONaA8xEROR4oqLZ79pYz
YSlIdTHLs9YBbXIKG/0zvHC3IhBzAKPu5OJQ+pe/AnVF5uvd/Z+1kKl7PfG6CxIK
1zx591uVCQ9/UgTaEu8Z3y3cyn8d69qJPxVhOaxrOP0ny0eXFiUJEHbCbTJXqIXp
E+vnP+qMTdrnzLai6KM+LQf9KoOcQCISuVai4Q5AK9os3f07HwIDAQABo4IDFDCC
AxAwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwIG
CCsGAQUFBwMBMB0GA1UdDgQWBBShMfNxaNFDKR6ZtxIKaepXAhBrbzAfBgNVHSME
GDAWgBQR2yNF/VTManFvhIoD1773AS8mhjBQBgNVHREESTBHghR3d3cucGFub3B0
aWNsaWNrLmNvbYIQcGFub3B0aWNsaWNrLmNvbYIHZWZmLm9yZ4IUcGFub3B0aWNs
aWNrLmVmZi5vcmcwggFWBgNVHSAEggFNMIIBSTAIBgZngQwBAgIwggE7BgsrBgEE
AYG1NwECAzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29t
L3BvbGljeS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1
ZWQgYWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1l
bnRzIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9y
IHRoZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlp
bmcgcGFydHkgb2JsaWdhdGlvbnMuMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9j
cmwuc3RhcnRzc2wuY29tL2NydDItY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5
BggrBgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczIv
c2VydmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9j
ZXJ0cy9zdWIuY2xhc3MyLnNlcnZlci5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDov
L3d3dy5zdGFydHNzbC5jb20vMA0GCSqGSIb3DQEBBQUAA4IBAQBXbIY2CHnVBouc
1piXTlM6mnxl3f1zg/tTzpIfl81r3XwgilzP5Mu32kDRAoH7kYxfXfTotrXCy+P8
Z79DBoSuNjaywPp5MDqHKuuWwaVi2BzBYsg2RDGX5+Y9hNcj6STALw3x+qnxIsnk
fwWgKOW2xf029b054rAVacXfQbx2bOBAJfZxCQxyS+Qm8sE9zv1Bny0YRR3Wp9di
mcZ4br+l0qf9A28KpBvylvpIKzPKsU9IdWALVn6Chk9+fMGWBF/F1pTENSWDdf3T
UJ9U9bF3XttbbJCa66LMzv1u17muzA8UqEprN0U1j/dq1FBQ9BYyoPv5ghYc74YR
VIS1fQYV
-----END CERTIFICATE-----
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
-----BEGIN CERTIFICATE-----
MIIGNDCCBBygAwIBAgIBGjANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwHhcNMDcxMDI0MjA1NzA5WhcNMTcxMDI0MjA1NzA5WjCB
jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0
YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k85L6GMmoWtCA4IPlfyiAEh
G5SpbOK426oZGEY6UqH1D/RujOqWjJaHeRNAUS8i8gyLhw9l33F0NENVsTUJm9m8
H/rrQtCXQHK3Q5Y9upadXVACHJuRjZzArNe7LxfXyz6CnXPrB0KSss1ks3RVG7RL
hiEs93iHMuAW5Nq9TJXqpAp+tgoNLorPVavD5d1Bik7mb2VsskDPF125w2oLJxGE
d2H2wnztwI14FBiZgZl1Y7foU9O6YekO+qIw80aiuckfbIBaQKwn7UhHM7BUxkYa
8zVhwQIpkFR+ZE3EMFICgtffziFuGJHXuKuMJxe18KMBL47SLoc6PbQpZ4rEAwID
AQABo4IBrTCCAakwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
VR0OBBYEFBHbI0X9VMxqcW+EigPXvvcBLyaGMB8GA1UdIwQYMBaAFE4L7xqkQFul
F2mHMMo0aEPQQa7yMGYGCCsGAQUFBwEBBFowWDAnBggrBgEFBQcwAYYbaHR0cDov
L29jc3Auc3RhcnRzc2wuY29tL2NhMC0GCCsGAQUFBzAChiFodHRwOi8vd3d3LnN0
YXJ0c3NsLmNvbS9zZnNjYS5jcnQwWwYDVR0fBFQwUjAnoCWgI4YhaHR0cDovL3d3
dy5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0
c3NsLmNvbS9zZnNjYS5jcmwwgYAGA1UdIAR5MHcwdQYLKwYBBAGBtTcBAgEwZjAu
BggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0
BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRl
LnBkZjANBgkqhkiG9w0BAQUFAAOCAgEAnQfh7pB2MWcWRXCMy4SLS1doRKWJwfJ+
yyiL9edwd9W29AshYKWhdHMkIoDW2LqNomJdCTVCKfs5Y0ULpLA4Gmj0lRPM4EOU
7Os5GuxXKdmZbfWEzY5zrsncavqenRZkkwjHHMKJVJ53gJD2uSl26xNnSFn4Ljox
uMnTiOVfTtIZPUOO15L/zzi24VuKUx3OrLR2L9j3QGPV7mnzRX2gYsFhw3XtsntN
rCEnME5ZRmqTF8rIOS0Bc2Vb6UGbERecyMhK76F2YC2uk/8M1TMTn08Tzt2G8fz4
NVQVqFvnhX76Nwn/i7gxSZ4Nbt600hItuO3Iw/G2QqBMl3nf/sOjn6H0bSyEd6Si
BeEX/zHdmvO4esNSwhERt1Axin/M51qJzPeGmmGSTy+UtpjHeOBiS0N9PN7WmrQQ
oUCcSyrcuNDUnv3xhHgbDlePaVRCaHvqoO91DweijHOZq1X1BwnSrzgDapADDC+P
4uhDwjHpb62H5Y29TiyJS1HmnExUdsASgVOb7KD8LJzaGJVuHjgmQid4YAjff20y
6NjAbx/rJnWfk/x7G/41kNxTowemP4NVCitOYoIlzmYwXSzg+RkbdbmdmFamgyd6
0Y+NWZP8P3PXLrQsldiL98l+x/ydrHIEH9LMF/TtNGCbnkqXBP7dcg5XVFEGcE3v
qhykguAzx/Q=
-----END CERTIFICATE-----
---
Server certificate
subject=/description=2AT1kcCqZvDz3jO3/C=US/ST=California/L=San Francisco/O=Electronic Frontier Foundation, Inc./CN=www.panopticlick.com/emailAddress=whois@eff.org
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 4532 bytes and written 449 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 53DB3BEC11BE76313EC837CAEB3DB916EAFB773CC1761BB7433695912076899F
Session-ID-ctx:
Master-Key: C23FDFB719C17FF0794641BBD21BBB7894B6E57F11DB53178AA8809C0F0145F3B1192930D6F5AB8630F75B64DEBB2F34
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 600 (seconds)
TLS session ticket:
0000 - df b0 3b 3d a0 69 2c 2b-6b ca b4 30 70 0e 3e 7d ..;=.i,+k..0p.>}
0010 - 67 71 a8 2c 36 61 ab 4d-1d 08 41 3a 6d b8 23 20 gq.,6a.M..A:m.#
0020 - 17 eb 37 46 1a cd 4a ad-94 43 6c f6 aa 1c 9a 25 ..7F..J..Cl....%
0030 - ee fe bf 0f 45 55 e6 68-aa e2 68 80 b8 67 31 d9 ....EU.h..h..g1.
0040 - 42 e3 cd 5f da 55 9d 93-b4 76 2e be 19 31 7f a3 B.._.U...v...1..
0050 - 9a 7a c0 b1 5f d3 c3 35-54 91 5d 51 06 8c 85 9c .z.._..5T.]Q....
0060 - 87 f8 d8 89 b0 15 ad ed-38 f4 2a 2e 5e 8b 20 d5 ........8.*.^. .
0070 - 47 52 8c a9 87 db a4 2a-40 a6 2a cb 8c d0 d8 4f GR.....*@.*....O
0080 - 1c c3 a2 a0 df 83 09 3e-b7 c9 85 69 5b 9e 71 a9 .......>...i[.q.
0090 - c5 fa 67 8e d2 71 31 17-cf a9 c3 de 79 ee a6 e8 ..g..q1.....y...
Start Time: 1406365675
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
DONE
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
|
Assignee | |
Updated•6 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•