Page MenuHomePhabricator

Chromium says "Your connection to gerrit.wikimedia.org is encrypted with obsolete cryptography"
Closed, ResolvedPublic

Description

On clicking the green padlock icon in Chromium when gerrit.wikimedia.org is open, I get

Your connection to gerrit.wikimedia.org is encrypted with obsolete cryptography.

The connection uses TLS 1.2.

The connection is encrypted and authenticated using AES_128_GCM and uses RSA as the key exchange mechanism.

Some Chrome version says "using an obsolete cipher suite".

Event Timeline

polybuildr raised the priority of this task from to Needs Triage.
polybuildr updated the task description. (Show Details)
polybuildr added projects: HTTPS, Gerrit.
polybuildr added a subscriber: polybuildr.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 2 2015, 9:47 PM
Krenair added a subscriber: Krenair.
Restricted Application added a subscriber: Matanya. · View Herald TranscriptJul 2 2015, 9:48 PM
polybuildr set Security to None.Jul 2 2015, 9:48 PM
polybuildr removed subscribers: Krenair, Matanya.
polybuildr added a subscriber: csteipp.
polybuildr added subscribers: Krenair, Matanya.

Also, Firefox does not complain.

BBlack added a subscriber: BBlack.Jul 2 2015, 9:58 PM

Even commercial Chrome complains about this, and it's a valid complaint. Our gerrit server runs Apache 2.2 and does not have forward secrecy. There are ongoing tickets about this: (see e.g. T55259)

fgiunchedi closed this task as Declined.Jul 21 2015, 10:53 AM
fgiunchedi claimed this task.
fgiunchedi added a subscriber: fgiunchedi.

@polybuildr I'm going to resolve this in favor of T55259: Add Forward Secrecy to all HTTPS sites, please reopen if need be!

Chmarkine changed the task status from Declined to Resolved.Jul 21 2015, 12:46 PM
Chmarkine added a subscriber: Chmarkine.

Why decline it? It has been resolved! Apache 2.2 now supports ECDHE. See T55259#1448222.

thanks @Chmarkine, I did miss that update! even better