[tbb-bugs] #30343 [Applications/Tor Browser]: TBB Gives HTTPS Green Lock for misconfigured SSL/TLS

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 30 13:51:07 UTC 2019


#30343: TBB Gives HTTPS Green Lock for misconfigured SSL/TLS
--------------------+------------------------------------------
 Reporter:  bo0od   |          Owner:  tbb-team
     Type:  defect  |         Status:  new
 Priority:  High    |      Component:  Applications/Tor Browser
  Version:          |       Severity:  Major
 Keywords:          |  Actual Points:
Parent ID:  #30335  |         Points:
 Reviewer:          |        Sponsor:
--------------------+------------------------------------------
 I have just reported a flaw with passing a misconfigured ssl/tls
 certificate which is allowing MITM. I reported that against https-
 everywhere but they answered it that https-everywhere doesnt access ssl
 info. So maybe it is a browser level issue?

 otherwise really what is the use of green lock and https-everywhere plugin
 if a website pretend to be having ssl/tls connection while in fact its
 just fake one and MITM is possible through it ?

 SSL test:

 https://www.ssllabs.com/ssltest/analyze.html?d=zu.ac.ae

 HTTPS-Everywhere Github Ticket:

 https://github.com/EFForg/https-everywhere/issues/17851#event-2309447045

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30343>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list