gavinhungry / cipherfox

:fox_face: Displays the current SSL/TLS cipher, protocol and certificate chain in the Firefox Add-on bar and Site ID dialog

Home Page: https://addons.mozilla.org/en-US/firefox/addon/cipherfox/

License: Mozilla Public License 2.0

JavaScript 90.81% CSS 9.19%

cipherfox's People

Contributors: cai0407, evilpie, gavinhungry, herczegzsolt

cipherfox's Issues

Enhancement: Formatting string variable for cert. issuance date

I think it would be worth it to add to the list of formatting string variables one that allows the display of the current certificate's "issued on" date, as a complement to a certificate's expiration date, especially in the aftermath of the "Heartbleed" OpenSSL bug.
Thanks in advance for the consideration.

Not working with Aurora 33 and Nightly 34

With Aurora 33 or Nightly 34, Cipherfox does not appear on the add-on bar or in the site identification dialog.
No errors are recorded in the Browser Console.

With Beta 32, Cipherfox works well.

Add short date options

The long date strings ($CERTISSUED, $CERTEXP) can take up too much space depending on locale.

Proper Firefox 4+ widget

CipherFox still uses an entry in the old status bar, which you have to install one or more extensions to get back in modern releases of Firefox. (Or, if there is a Firefox 4+ widget, it's well-hidden.)

This is one of the very last extensions I have installed that doesn't have its own widget or widgets for Firefox 4+. The "Show CipherFox in Add-ons Bar" option is promising, but actually toggles whether it appears in the legacy status bar (if it exists at all).

Cipherfox with partial https

The Cipherfox menu does not show up when Firefox warns me about partial https. This happens when http content is included in the https page. I think the Cipherfox menu should be visible in this case too, as the certificate chain still could contain important information.

How to reproduce: Go to a page with partial https, look for the Cipherfox menu.
Example page: https://www.ssllabs.com/ssltest/viewMyClient.html (This is a partial https page because of the test files.)

Add support for TLS 1.3 protocol

I'm using Cipherfox on Pale Moon. With v27.4.0, TLS 1.3 was added to the browser, which shows up as a "?" in the extension. Could you please add TLS 1.3 support?

$PROTOCOL does not correspond to actual TLS/SSL protocol

$PROTOCOL seems to refer to the prefix "TLS" or "SSL" of cipher suites.
However, these prefixes do not correspond to the actual protocol.

ex. TLS 1.0 connection (security.tls.version.max = 1 and security.tls.version.min = 1) to github.com shows "SSL_RSA_WITH_RC4_128_SHA".

The difference between the prefixes "SSL" and "TLS" is just the definition in NSS, not the actual TLS/SSL connection.
http://hg.mozilla.org/mozilla-central/file/70f21fad60a4/security/nss/lib/ssl/ssl3con.c#l291

Old cipher suites which were defined in SSL 3.0 (RSA key exchange with RC4, 3DES etc.) have the "SSL" prefix even when used in a TLS connection.
ex.
{SSL_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa},
{SSL_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa},
{SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa},

New cipher suites which were added with TLS 1.0 or later (AES, ECC key exchange, forward secrecy etc.) have the "TLS" prefix.
ex.
{TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa}
{TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa}
{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa}

Youtube rc4

Hi guys,

I can't play YouTube videos while RC4 is disabled. It's really annoying to enable it every time. Would it be possible to add a whitelist for websites which are allowed to use RC4?

Showing SSL or TLS information.

The CipherFox add-on does not indicate whether the current connection to a secure server is using SSL or TLS! It's very easy to see such information in IE. Can we expect that in future versions?

"Disable RC4 cipher" does not work on Firefox 28 Nightly

Due to bug 934663 (https://bugzilla.mozilla.org/show_bug.cgi?id=934663), all prefs related to cipher suites (security.ssl3.*) are hidden from about:config on Fx Nightly.
Because of this change, the "Disable RC4 cipher" function of Cipherfox (it seems to just change a boolean from true to false) does not work on Nightly.
We need to create each pref and set it to false.

Current Nightly enables these 4 RC4-suites.

  • security.ssl3.ecdhe_ecdsa_rc4_128_sha (TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
  • security.ssl3.ecdhe_rsa_rc4_128_sha (TLS_ECDHE_RSA_WITH_RC4_128_SHA)
  • security.ssl3.rsa_rc4_128_sha (TLS_RSA_WITH_RC4_128_SHA)
  • security.ssl3.rsa_rc4_128_md5 (TLS_RSA_WITH_RC4_128_MD5)

These 2 suites, enabled in ESRs, Release, Beta, and Aurora, have been disabled on Nightly.

  • security.ssl3.ecdh_ecdsa_rc4_128_sha (TLS_ECDH_ECDSA_WITH_RC4_128_SHA)
  • security.ssl3.ecdh_rsa_rc4_128_sha (TLS_ECDH_RSA_WITH_RC4_128_SHA)

Make statusbar item moveable

Can you please make the statusbar icon moveable?
Here is a screenshot which shows the customize option; the Cipherfox item isn't moveable (in Pale Moon 25.8.0 x64).

cipherfox_statusbar

Key Exchange Methods

This may be somewhat redundant with #3, but I'll ask anyway, as I am not quite sure what the result of #3 will look like:

It would be awesome if you could add a placeholder for the key exchange mechanism (RSA, DH*, ...), once that is possible. It's my hobby to check if a website is using an SSL mode with forward secrecy (Diffie-Hellman) and write angry mails if they are not, and this is very easy in Chrome (as they have a nice text explaining the used encryption algorithm, message authentication and key exchange mechanism), but currently almost impossible with Firefox.

RC4 disabling seems to break video in youtube

It seems your extension removes RC4 certs and thus breaks SSL video display on YouTube (the site loads but the video gets an "Error occured" like: https://support.google.com/youtube/answer/3037019?p=player_error1&rd=1 ).

After going to Extras - "RC4 enable" and reloading https://www.youtube.com the video plays well. There are similar problems with manual pref settings: https://support.mozilla.org/de/questions/990082

When not using https at all the video plays well, and after uninstalling your extension https on YouTube also plays well, so it seems you set some prefs not to enable RC4?

Together with not being able to change prefs in Firefox 24.5 ESR, this is quite an odd problem.

Possible to show complete cipher name?

Is it possible to decode the exact cipher in use from its 4 byte code?
Not sure if this information is accessible via an add-on.

i.e. RC4 is not just RC4

there is
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_DHE_DSS_WITH_RC4_128_SHA

If storing all the strings is too much, at least allow the two byte (four hex) code to be shown via the string variable option.

i.e. $CIPHERID $CIPHERNAME
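
As an added illustration (not part of the original issues or of CipherFox's code) for the "$PROTOCOL", "Key Exchange Methods" and "complete cipher name" issues above: this sketch splits a suite name into key exchange, cipher and MAC, and builds a label from the negotiated version and two-byte suite ID instead of the name prefix. `describeSuite`, `connectionLabel` and both tables are hypothetical names; the IDs are the IANA values for suites named on this page.

```javascript
// Constructed lookup table: IANA two-byte IDs for suites named in the issues.
const SUITE_IDS = {
  0x0004: 'TLS_RSA_WITH_RC4_128_MD5',
  0x0005: 'TLS_RSA_WITH_RC4_128_SHA',
  0x000a: 'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
  0x002f: 'TLS_RSA_WITH_AES_128_CBC_SHA',
  0x0033: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
  0x0066: 'TLS_DHE_DSS_WITH_RC4_128_SHA',
  0xc013: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
};

// Wire-format protocol versions; the suite name carries none of this.
const PROTOCOLS = {
  0x0300: 'SSL 3.0', 0x0301: 'TLS 1.0', 0x0302: 'TLS 1.1',
  0x0303: 'TLS 1.2', 0x0304: 'TLS 1.3',
};

// Split a suite name into its parts. The legacy "SSL_" prefix and the "TLS_"
// prefix are treated identically, since neither names the protocol in use.
function describeSuite(name) {
  const m = /^(?:SSL|TLS)_(.+)_WITH_(.+)_([A-Z0-9]+)$/.exec(name);
  if (!m) return null; // e.g. TLS 1.3 suite names have no _WITH_ part
  const [, keyExchange, cipher, mac] = m;
  return {
    canonical: 'TLS_' + name.slice(4),
    keyExchange,
    cipher,
    mac, // for AEAD suites this last token is the PRF hash
    // Only ephemeral (EC)DH gives forward secrecy; static ECDH and RSA do not.
    forwardSecrecy: /^(?:DHE|ECDHE)(?:_|$)/.test(keyExchange),
    usesRC4: /^RC4_/.test(cipher),
  };
}

// Hypothetical helper: label built from the negotiated version code and the
// suite ID, never from the SSL_/TLS_ name prefix.
function connectionLabel(versionCode, suiteId) {
  const name = SUITE_IDS[suiteId];
  const info = name ? describeSuite(name) : null;
  const proto = PROTOCOLS[versionCode] || '?';
  const id = '0x' + suiteId.toString(16).toUpperCase().padStart(4, '0');
  if (!info) return `${proto} ${id} (unknown suite)`;
  return `${proto} ${id} ${info.keyExchange} ${info.cipher} ${info.mac}` +
         (info.forwardSecrecy ? ' [FS]' : '');
}
```

For the TLS 1.0 connection described in the "$PROTOCOL" issue, `connectionLabel(0x0301, 0x0005)` reports TLS 1.0 even though NSS names that suite with an `SSL_` prefix.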

Update for Firefox 57 support

Marked as a Legacy extension in Firefox 57 and cannot be enabled. Please update for Firefox 57! Love this extension

WebExtensions Support

This is a very useful extension, so I would hate to see its demise in later Firefox versions. Is it possible to re-implement the extension with the WebExtension API? It won't be able to reside in the convenient place where it does now (in the SSL dropdown in the URL bar), but at least it will be able to provide the detailed SSL info somewhere.

Remove "(Firefox XX+)" from cipherSuite.label and protocol.label

Now, cipherSuite.label and protocol.label in pref.dtd have annotations about available Firefox version.

<!ENTITY cipherSuite.label "Full Cipher Suite (Firefox 25+)">
<!ENTITY protocol.label    "Protocol Version (Firefox 36+)">

I think it is a good time to remove these annotations because Firefox 31 ESR has been EOLed and support for Pale Moon has been added.

other than ja-JP;

<!ENTITY cipherSuite.label "Full Cipher Suite">
<!ENTITY protocol.label    "Protocol Version">

ja-JP;

<!ENTITY cipherSuite.label "完全な Cipher Suite">
<!ENTITY protocol.label    "プロトコルバージョン">

Add support for e10s

Dear add-on developer,

You might have heard the news[1] that future versions of Firefox will run the browser UI separately from web content. This is called Multi-process Firefox (also "Electrolysis" or "e10s")[2], and it is scheduled for release in the first quarter of 2016[3].

If your add-on code accesses web content directly, using an overlay extension[4], a bootstrapped extension[5], or low-level SDK APIs[6] like window/utils or tabs/utils, then you will probably be affected.

To minimize the impact on users of your add-ons, we are urging you to test your add-ons[7] for compatibility. You can find documentation on how to make them compatible here[8].

Starting Nov. 24, 2015, we are available to assist you every Tuesday in the #addons channel on irc.mozilla.org[9]. Click here[10] to see the schedule. Whether you need help testing or making your add-ons compatible, we're here to help!

Sincerely,
The Add-ons Team

[1] https://blog.mozilla.org/addons/2015/08/21/the-future-of-developing-firefox-add-ons/
[2] https://developer.mozilla.org/en-US/Firefox/Multiprocess_Firefox
[3] https://wiki.mozilla.org/Electrolysis#Schedule
[4] https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions
[5] https://developer.mozilla.org/en-US/Add-ons/Bootstrapped_extensions
[6] https://developer.mozilla.org/en-US/Add-ons/SDK/Low-Level_APIs
[7] https://developer.mozilla.org/en-US/Add-ons/Working_with_multiprocess_Firefox#Testing
[8] https://developer.mozilla.org/en-US/Add-ons/Working_with_multiprocess_Firefox#Updating_your_code
[9] irc://irc.mozilla.org/addons
[10] https://atsay.github.io/e10s_office_hours/

Remove RC4-Option

Firefox ESR 38.8 is the last release which supports RC4-fallback by default and will update to ESR 45.2 next week, where this option has no effect any more.

Perhaps you could replace this with an option to block mixed-content pictures (toggle pref 'security.mixed_content.block_display_content').

extension causes long pause when using self-signed ssl certificate

After some trial and error I hunted down a long delay caused by cipherfox.

I use several personal sites with a self-signed SSL certificate and out of laziness I just use generic domains (i.e. "example.com" or "localhost") as the certificate domain.

I didn't experience this bug with FF28 but with FF30 and FF31 there is a long delay before loading the page and more importantly, there is a long delay just switching back and forth to the tab with the page that has the https and self-signed cert.

No problem with sites using real certificates.

Disabling cipherfox completely eliminates the delay with page load/tab switching.

Is it trying to access the fake domain? Is it not caching the result between tabs?

Maybe a temporary workaround could be not to try to access "localhost" or "127.0.0.1".

Certificate chain

The certificate chain seems to miss the root certificate. For example, while editing this report I see "RC4 128-bit" on the cipher field, and when I click it, I would expect:

GTE Corporation (RSA 1024-bit: MD5)
DigiCert Inc (RSA 2048-bit: SHA1)
DigiCert Inc (RSA 2048-bit: SHA1)
GitHub, Inc. (RSA 2048-bit: SHA1)

Instead, I only get:

DigiCert Inc (RSA 2048-bit: SHA1)
DigiCert Inc (RSA 2048-bit: SHA1)
GitHub, Inc. (RSA 2048-bit: SHA1)

In addition, I'd display the CommonName, rather than the Organization, for the $CERTORG and $CERTISSUER fields, because it is usually more significant. Note also that the certificate's detail window displays CN: Consistency may improve understanding, IMHO.

Thanks
Ale

"Qualys SSL Labs Server Test" does not work on Fx 51+

Here is an error log in browser console.

TypeError: gBrowser.contentDocument is null    cipherfox.js:475:1

 CipherFox.testDomain                          chrome://cipherfox/content/cipherfox.js:475:1

 oncommand                                     chrome://browser/content/browser.xul:1:1

Not working with Firefox ESR

ESR 24.5.0, Linux x86_64:

[17:44:58.125] ReferenceError: Cc is not defined @ chrome://cipherfox/content/prefs.js:11
[17:44:59.994] TypeError: CipherFox_prefs.baseFormat is undefined @ chrome://cipherfox/content/prefs.xul:1
[17:45:00.450] TypeError: CipherFox_prefs.certFormat is undefined @ chrome://cipherfox/content/prefs.xul:1
[17:45:02.260] TypeError: this.prompt is undefined @ chrome://cipherfox/content/prefs.js:20

Site ID dialog width is not enough

Firefox 41.0b5 without Cipherfox 3.12.0:
2

Firefox 41.0b5 with Cipherfox 3.12.0:
1

Buttons to show connection information and "details" are not shown...

Some strings currently not localized

Currently, the prefs descriptions for $CIPHERSUITE and $PROTOCOL are not localized. There may be more new strings as new properties are exposed as pulled from cipher suite, which will also require localization.

Error thrown with cipherfox 4.1.1 in Pale Moon 27.5.*

Cipherfox 4.1.1 throws the following error when installed in Pale Moon 27.5.*:

00:10:04.963 [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) 
[nsIStringBundle.GetStringFromName]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  
location: "JS frame :: chrome://cipherfox/content/cipherfox.js :: formatLabel :: line 296" 
data: no]

This seems to be in the case statement where hash types are determined, assuming strings are available with the same names as in Firefox.
With this error thrown, the extension fails to work entirely.
