8 comments

[ 1.8 ms ] story [ 34.6 ms ] thread
Specifically on the edge server we hit in that particular test (69.171.228.13), they haven't installed their intermediate certificate chain.

Allowing insecure re-negotiation isn't too crash hot, either.

Currently Chrome is showing me a green lock icon for https://facebook.com/ but if I hit that particularly edge server (or another misconfigured one) would it warn me first? Or at least show the red lock?
AFAICT, the tool is broken WRT renegotiation detection.

~% openssl s_client -connect 69.171.228.13:443 2>/dev/null < /dev/null | grep Reneg

Secure Renegotiation IS NOT supported

Missing certs in the chain are fixed, BTW. Thanks for pointing it out.

We tracked down a bug in config autogeneration, and are going to add paranoia to monitor for it in the future.

Great tool, been looking for one of these since tlsreports stopped working.
Is this why I always get SSL warnings from embedded FB widgets on my iPad?

Also, FB is not exactly the gold standard for.. um.. things working.