Page MenuHomePhabricator
Create Task
Maniphest T104649

Chromium says "Your connection to gerrit.wikimedia.org is encrypted with obsolete cryptography"
Closed, ResolvedPublic
Actions

Description

On clicking the green padlock icon in Chromium when gerrit.wikimedia.org is open, I get

Your connection to gerrit.wikimedia.org is encrypted with obsolete cryptography.

The connection uses TLS 1.2.

The connection is encrypted and authenticated using AES_128_GCM and uses RSA as the key exchange mechanism.

Some Chrome version says "using an obsolete cipher suite".

Related Objects
Search...

Event Timeline

polybuildr created this task.Jul 2 2015, 9:47 PM
polybuildr raised the priority of this task from to Needs Triage.
polybuildr updated the task description. (Show Details)
polybuildr added projects: HTTPS, Gerrit.
polybuildr subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 2 2015, 9:47 PM
Krenair added a project: acl*sre-team.Jul 2 2015, 9:48 PM
Krenair subscribed.
Restricted Application added a subscriber: Matanya. · View Herald TranscriptJul 2 2015, 9:48 PM
polybuildr set Security to None.Jul 2 2015, 9:48 PM
polybuildr removed subscribers: Krenair, Matanya.
polybuildr added a subscriber: csteipp.
polybuildr added subscribers: Krenair, Matanya.

Also, Firefox does not complain.

BBlack subscribed.Jul 2 2015, 9:58 PM

Even commercial Chrome complains about this, and it's a valid complaint. Our gerrit server runs Apache 2.2 and does not have forward secrecy. There are ongoing tickets about this: (see e.g. T55259)

Dzahn added a parent task: T55259: Add Forward Secrecy to all HTTPS sites.Jul 2 2015, 11:23 PM
fgiunchedi closed this task as Declined.Jul 21 2015, 10:53 AM
fgiunchedi claimed this task.
fgiunchedi subscribed.

@polybuildr I'm going to resolve this in favor of T55259: Add Forward Secrecy to all HTTPS sites, please reopen if need be!

Chmarkine changed the task status from Declined to Resolved.Jul 21 2015, 12:46 PM
Chmarkine subscribed.

Why decline it? It has been resolved! Apache 2.2 now supports ECDHE. See T55259#1448222.

Chmarkine unsubscribed.Jul 21 2015, 12:46 PM
fgiunchedi added a subscriber: Chmarkine.Jul 21 2015, 12:49 PM

thanks @Chmarkine, I did miss that update! even better

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL