This Page Uses Weak Encryption?
Recently I've started to see a gray padlock with the yellow triangle, and the message "Connection is not secure, this page uses weak encryption." So far I've only seen this error on askubuntu.com and blender.stackexchange.com, and the error seems to be intermittent.
Is this a problem with the server or my browser configuration? I've compared different pages on AskUbuntu where one page says it's encrypted and another page says Broken Encryption. Both pages have the same encryption cipher whether it's broken or not: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 128 bit keys, TLS 1.2)
What can I do to fix this?
Vybrané riešenie
Got it! It was something with 3rd-party content after all! I had manually set security.mixed_content.block_display_content to true, so that mixed display content was blocked, as well as active content.
With display content unblocked (default setting), the page loads with the mixed content message. With display content blocked, it loads with the weak encryption message. Still not sure why this happens, but at now I know that it's not a problem on my end, and it's not a security problem since images aren't exactly harmful.
Čítať túto odpoveď v kontexte 👍 0Všetky odpovede (6)
¡Hola!
Both https://askubuntu.com/ and https://blender.stackexchange.com/ look fine for me.
Do these help you?
- What do the security warning codes mean?
- Secure connection failed and Firefox did not connect
- Mixed content blocking in Firefox
Please provide the full URL of pages where you get said message.
¡Gracias!
alex_mayorga said
¡Hola! Both https://askubuntu.com/ and https://blender.stackexchange.com/ look fine for me. Do these help you? Please provide the full URL of pages where you get said message. ¡Gracias!
The first link sounds like the problem I'm having, but Firefox doesn't block the page. It just loads it with the yellow triangle on the padlock, and when I click it, it says "Connection is not secure." When I click More Details, it says the page is using weak encryption.
The secure connection doesn't fail, because I'm still able to load the website.
It's not a problem with mixed content because these webpages do not have any.
Here is the first URL I noticed this problem: https://blender.stackexchange.com/questions/1303/can-blender-render-pngs-with-the-background-transparent
When loading the website again, I was able to get it loaded with the green padlock, but then refreshing it gave this message again.
Some more info here. I've only seen this on Stack Exchange websites, and only intermittently. However, I've noticed a pattern! While the website is loading, the padlock is green. I only see this message after the website is fully loaded!
I'm starting to wonder if this problem is being caused by 3rd party content. I'll keep checking.
Vybrané riešenie
Got it! It was something with 3rd-party content after all! I had manually set security.mixed_content.block_display_content to true, so that mixed display content was blocked, as well as active content.
With display content unblocked (default setting), the page loads with the mixed content message. With display content blocked, it loads with the weak encryption message. Still not sure why this happens, but at now I know that it's not a problem on my end, and it's not a security problem since images aren't exactly harmful.
Yup!
On the URL given, there are two image embeds that are not HTTPS (please see attached).
Glad to see you question is solved.
Note that you can see a Security error message (red bar) in the Web Console (Firefox menu button or Tools > Web Developer) about mixed content.