Currently Chrome is showing me a green lock icon for https://facebook.com/ but if I hit that particularly edge server (or another misconfigured one) would it warn me first? Or at least show the red lock?
Most likely the browser would not complain; it will block, fetch the intermediate certificates (if possible), verify the signatures, then proceed. So probably just a performance hit in most cases.
8 comments
[ 1.8 ms ] story [ 34.6 ms ] threadAllowing insecure re-negotiation isn't too crash hot, either.
Full explanation here: https://www.wormly.com/help/ssl-tests/intermediate-cert-chai...
~% openssl s_client -connect 69.171.228.13:443 2>/dev/null < /dev/null | grep Reneg
Secure Renegotiation IS NOT supported
We tracked down a bug in config autogeneration, and are going to add paranoia to monitor for it in the future.
Also, FB is not exactly the gold standard for.. um.. things working.
Use this instead: http://www.ssllabs.com/