[tor-bugs] #30343 [Applications/Tor Browser]: TBB Gives HTTPS Green Lock for misconfigured SSL/TLS
    Tor Bug Tracker & Wiki 
    blackhole at torproject.org
       
    Tue Apr 30 13:51:07 UTC 2019
    
    
  
#30343: TBB Gives HTTPS Green Lock for misconfigured SSL/TLS
--------------------+------------------------------------------
 Reporter:  bo0od   |          Owner:  tbb-team
     Type:  defect  |         Status:  new
 Priority:  High    |      Component:  Applications/Tor Browser
  Version:          |       Severity:  Major
 Keywords:          |  Actual Points:
Parent ID:  #30335  |         Points:
 Reviewer:          |        Sponsor:
--------------------+------------------------------------------
 I have just reported a flaw with passing a misconfigured SSL/TLS
 certificate, which allows MITM. I reported that against
 https-everywhere, but they answered that https-everywhere doesn't access
 SSL info. So maybe it is a browser-level issue?
 Otherwise, really, what is the use of the green lock and the
 https-everywhere plugin if a website pretends to have an SSL/TLS
 connection while in fact it's just a fake one and MITM is possible
 through it?
 SSL test:
 https://www.ssllabs.com/ssltest/analyze.html?d=zu.ac.ae
 HTTPS-Everywhere GitHub ticket:
 https://github.com/EFForg/https-everywhere/issues/17851#event-2309447045
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30343>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
    
    