What to do when a website has TLS issues with #Firefox on #Fedora, but works flawlessly with Firefox on Windows and #Chromium on Fedora? It also has this strange behavior that doesn't even let me bypass the problem temporarily... #WebBrowsers #WebSecurity #HTTPS
@steko ? What site?
@steko Hmm. without any more information than that, I'd guess that something after the authentication step redirects to something that doesn't match the TLS cert, as part of SSO or something. That's so odd, usually stuff works for me on FF on Fedora that *doesn't* work elsewhere. 🤔
@snoot exactly my expectation, too. I tried launching Firefox from the command line to obtain more detailed output, to no avail. Perhaps I should try with curl or Python requests to look at the specific error?
@steko Anytime. :)
@steko Absolutely, either should be sufficient, choose based on experience level. Or the F12 dev console.
@snoot I tried using that already but... what tab should give me the detail I'm looking for? I hoped the Network or Console tab were the right ones..
@snoot for the record, Chromium tells me for the login page at https://email.beniculturali.it/owa/auth/logon.aspx
"The connection to this site uses TLS 1.2 (a strong protocol), ECDHE_RSA with P-384 (a strong key exchange), and AES_256_CBC with HMAC-SHA1 (an obsolete cipher)."
but once logged in the webmail:
"The connection to this site uses TLS 1.0 (an obsolete protocol), RSA (an obsolete key exchange), and 3DES_EDE_CBC with HMAC-SHA1 (an obsolete cipher)."
... that sounds like the source of the problem.
@steko And Firefox on Fedora rejects 1.0 because it's insecure. There you go. :) Your OWA admin needs to fix that.
@snoot thanks for the feedback in any case!