In Rilievo Discussione su Firefox - Thunderbird

Protocol Support
Your user agent has good protocol support.
Your user agent supports TLS 1.2, which is recommended protocol version at the moment.
Experimental: Your user agent supports TLS 1.3.
CVE-2020-0601 (CurveBall) Vulnerability
Your user agent is not vulnerable.
For more information about the CVE-2020-0601 (CurveBall) Vulnerability, please go to CVE-2020-0601.
To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site.
Logjam Vulnerability
Your user agent is not vulnerable.
For more information about the Logjam attack, please go to weakdh.org.
To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site.
FREAK Vulnerability
Your user agent is not vulnerable.
For more information about the FREAK attack, please go to www.freakattack.com.
To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site.
POODLE Vulnerability
Your user agent is not vulnerable.
For more information about the POODLE attack, please read this blog post.
Protocol Features
Protocols
TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No


Cipher Suites (in order of preference)
TLS_AES_128_GCM_SHA256 (0x1301) Forward Secrecy 128
TLS_CHACHA20_POLY1305_SHA256 (0x1303) Forward Secrecy 256
TLS_AES_256_GCM_SHA384 (0x1302) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112
(1) When a browser supports SSL 2, its SSL 2-only suites are shown only on the very first connection to this site. To see the suites, close all browser windows, then open this exact page directly. Don't refresh.


Protocol Details
Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets Yes
OCSP stapling Yes
Signature algorithms SHA256/ECDSA, SHA384/ECDSA, SHA512/ECDSA, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, SHA256/RSA, SHA384/RSA, SHA512/RSA, SHA1/ECDSA, SHA1/RSA
Named Groups x25519, secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072
Next Protocol Negotiation No
Application Layer Protocol Negotiation Yes h2 http/1.1
SSL 2 handshake compatibility No

Mixed Content Handling
Mixed Content Tests
Images Passive Yes
CSS Active No
Scripts Active No
XMLHttpRequest Active No
WebSockets Active No
Frames Active No
(1) These tests might cause a mixed content warning in your browser. That's expected.
(2) If you see a failed test, try to reload the page. If the error persists, please get in touch.

Related Functionality
Upgrade Insecure Requests request header (more info) Yes
 
Sembrerebbe tutto ok dal test

Dopo aver pulito la cache, il problema ti si presenta ancora?
Hai provato anche a disattivare eventualmente i componenti aggiuntivi (se presenti) di firefox?
 
Si presenta lo stesso
Aggiornamenti ho solo i classici per ABP e per scaricare file

Connessione sicura non riuscita

Si è verificato un errore durante la connessione a aaacsc.alice.it. Il peer utilizza una versione non supportata del protocollo di sicurezza.

Codice di errore: SSL_ERROR_UNSUPPORTED_VERSION

Non capisco proprio da Chrome tutto ok
 
Ultima modifica:
Hai provato a guardare in about:config se nella schermata security hai qualche modifica?
Se si, prova a ripristinarla col tasto Ripristina (freccia curva) nella parte destra dello schermo.
 
Questo è quello che vedo in security

dom.security.featurePolicy.enabled true
dom.security.featurePolicy.experimental.enabled false
dom.security.featurePolicy.header.enabled false
dom.security.featurePolicy.webidl.enabled false
dom.security.respect_document_nosniff true
dom.security.skip_about_page_csp_allowlist_and_assert false
dom.security.skip_about_page_has_csp_assert false
dom.security.skip_html_fragment_assertion false
dom.security.skip_remote_script_assertion_in_system_priv_context false
extensions.webextensions.base-content-security-policy script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;
extensions.webextensions.default-content-security-policy script-src 'self'; object-src 'self';
network.disable.ipc.security true
network.security.esni.enabled false
network.stricttransportsecurity.preloadlist true
security.OCSP.enabled 1
security.OCSP.require false
security.OCSP.timeoutMilliseconds.hard 10000
security.OCSP.timeoutMilliseconds.soft 2000
security.aboutcertificate.enabled true
security.all_resource_uri_content_accessible false
security.allow_eval_in_parent_process false
security.allow_eval_with_system_principal false
security.allow_parent_unrestricted_js_loads false
security.alternate_certificate_error_page certerror
security.app_menu.recordEventTelemetry true
security.ask_for_password 0
security.block_Worker_with_wrong_mime false
security.block_importScripts_with_wrong_mime true
security.block_script_with_wrong_mime true
security.cert_pinning.enforcement_level 1
security.cert_pinning.hpkp.enabled false
security.cert_pinning.max_max_age_seconds 5184000
security.cert_pinning.process_headers_from_non_builtin_roots false
security.certerrors.mitm.auto_enable_enterprise_roots true
security.certerrors.mitm.priming.enabled true
security.certerrors.mitm.priming.endpoint https://mitmdetection.services.mozilla.com/
security.certerrors.permanentOverride true
security.certerrors.recordEventTelemetry true
security.content.signature.root_hash 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E
security.csp.enable true
security.csp.enableNavigateTo false
security.csp.enableStrictDynamic true
security.csp.reporting.script-sample.max-length 40
security.data_uri.block_toplevel_data_uri_navigations true
security.data_uri.unique_opaque_origin true
security.default_personal_cert Ask Every Time
security.dialog_enable_delay 1000
security.directory
security.disable_button.openCertManager false
security.disable_button.openDeviceManager false
security.enterprise_roots.enabled false
security.family_safety.mode 2
security.fileuri.strict_origin_policy true
security.identityblock.show_extended_validation false
security.identitypopup.recordEventTelemetry true
security.insecure_connection_icon.enabled true
security.insecure_connection_icon.pbmode.enabled true
security.insecure_connection_text.enabled false
security.insecure_connection_text.pbmode.enabled false
security.insecure_field_warning.contextual.enabled true
security.insecure_field_warning.ignore_local_ip_address true
security.insecure_password.ui.enabled true
security.mixed_content.block_active_content true
security.mixed_content.block_display_content false
security.mixed_content.block_object_subrequest false
security.mixed_content.upgrade_display_content false
security.notification_enable_delay 500
security.onecrl.maximum_staleness_in_seconds 108000
security.osclientcerts.autoload false
security.password_lifetime 30
security.pki.cert_short_lifetime_in_days 10
security.pki.certificate_transparency.mode 0
security.pki.crlite_mode 1
security.pki.distrust_ca_policy 2
security.pki.mitm_canary_issuer
security.pki.mitm_canary_issuer.enabled true
security.pki.mitm_detected false
security.pki.name_matching_mode 3
security.pki.netscape_step_up_policy 1
security.pki.sha1_enforcement_level 3
security.protectionspopup.recordEventTelemetry true
security.remember_cert_checkbox_default_setting true
security.remote_settings.crlite_filters.bucket security-state
security.remote_settings.crlite_filters.checked 0
security.remote_settings.crlite_filters.collection cert-revocations
security.remote_settings.crlite_filters.enabled false
security.remote_settings.crlite_filters.signer onecrl.content-signature.mozilla.org
security.remote_settings.intermediates.bucket security-state
security.remote_settings.intermediates.checked 0
security.remote_settings.intermediates.collection intermediates
security.remote_settings.intermediates.downloads_per_poll 100
security.remote_settings.intermediates.enabled false
security.remote_settings.intermediates.parallel_downloads 8
security.remote_settings.intermediates.signer onecrl.content-signature.mozilla.org
security.sandbox.content.level 5
security.sandbox.content.tempDirSuffix {f9f52534-82d2-45fa-9f68-74b179f174ce}
security.sandbox.content.win32k-disable false
security.sandbox.gmp.win32k-disable false
security.sandbox.gpu.level 0
security.sandbox.logging.enabled false
security.sandbox.plugin.tempDirSuffix {ffa4feaf-066f-4fcd-b8e3-adca9722ab1f}
security.sandbox.rdd.win32k-disable true
security.sandbox.windows.log.stackTraceDepth 0
security.secure_connection_icon_color_gray true
security.signed_app_signatures.policy 2
security.sri.enable true
security.ssl.enable_alpn true
security.ssl.enable_false_start true
security.ssl.enable_ocsp_must_staple true
security.ssl.enable_ocsp_stapling true
security.ssl.errorReporting.automatic false
security.ssl.errorReporting.enabled false
security.ssl.errorReporting.url https://incoming.telemetry.mozilla.org/submit/sslreports/
security.ssl.require_safe_negotiation false
security.ssl.treat_unsafe_negotiation_as_broken false
security.ssl3.dhe_rsa_aes_128_sha true
security.ssl3.dhe_rsa_aes_256_sha true
security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 true
security.ssl3.ecdhe_ecdsa_aes_128_sha true
security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384 true
security.ssl3.ecdhe_ecdsa_aes_256_sha true
security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256 true
security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 true
security.ssl3.ecdhe_rsa_aes_128_sha true
security.ssl3.ecdhe_rsa_aes_256_gcm_sha384 true
security.ssl3.ecdhe_rsa_aes_256_sha true
security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256 true
security.ssl3.rsa_aes_128_sha true
security.ssl3.rsa_aes_256_sha true
security.ssl3.rsa_des_ede3_sha true
security.strict_security_checks.enabled false
security.tls.enable_0rtt_data true
security.tls.enable_delegated_credentials false
security.tls.enable_post_handshake_auth false
security.tls.hello_downgrade_check true
security.tls.insecure_fallback_hosts
security.tls.version.enable-deprecated false
security.tls.version.fallback-limit 4
security.tls.version.max 4
security.tls.version.min 3
security.view-source.reachable-from-inner-protocol false
security.webauth.u2f true
security.webauth.webauthn true
security.webauth.webauthn_enable_softtoken false
security.webauth.webauthn_enable_usbtoken true
services.settings.security.onecrl.bucket security-state
services.settings.security.onecrl.checked 1583920850
services.settings.security.onecrl.collection onecrl
services.settings.security.onecrl.signer onecrl.content-signature.mozilla.org
services.sync.prefs.sync.security.default_personal_cert true
 
Questa è la schermata, se trovi una voce modificata (nel mio caso ad esempio, network.security.esni.enable), per ripristinare in modo Predefinito, devi cliccare sulla freccia a destra.

Sempre che tu abbia modificato qualcosa.

 
Biscuo ha scritto:
Questa è la schermata, se trovi una voce modificata (nel mio caso ad esempio, network.security.esni.enable), per ripristinare in modo Predefinito, devi cliccare sulla freccia a destra.

Sempre che tu abbia modificato qualcosa.

Clicca per espandere...

mai toccato about:confing

sopra ho messo cosa trovo nella mia


Predefinito

Questo è quello che vedo in security

dom.security.featurePolicy.enabled true
dom.security.featurePolicy.experimental.enabled false
dom.security.featurePolicy.header.enabled false
dom.security.featurePolicy.webidl.enabled false
dom.security.respect_document_nosniff true
dom.security.skip_about_page_csp_allowlist_and_ass ert false
dom.security.skip_about_page_has_csp_assert false
dom.security.skip_html_fragment_assertion false
dom.security.skip_remote_script_assertion_in_syste m_priv_context false
extensions.webextensions.base-content-security-policy script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;
extensions.webextensions.default-content-security-policy script-src 'self'; object-src 'self';
network.disable.ipc.security true
network.security.esni.enabled false
network.stricttransportsecurity.preloadlist true
security.OCSP.enabled 1
security.OCSP.require false
security.OCSP.timeoutMilliseconds.hard 10000
security.OCSP.timeoutMilliseconds.soft 2000
security.aboutcertificate.enabled true
security.all_resource_uri_content_accessible false
security.allow_eval_in_parent_process false
security.allow_eval_with_system_principal false
security.allow_parent_unrestricted_js_loads false
security.alternate_certificate_error_page certerror
security.app_menu.recordEventTelemetry true
security.ask_for_password 0
security.block_Worker_with_wrong_mime false
security.block_importScripts_with_wrong_mime true
security.block_script_with_wrong_mime true
security.cert_pinning.enforcement_level 1
security.cert_pinning.hpkp.enabled false
security.cert_pinning.max_max_age_seconds 5184000
security.cert_pinning.process_headers_from_non_bui ltin_roots false
security.certerrors.mitm.auto_enable_enterprise_ro ots true
security.certerrors.mitm.priming.enabled true
security.certerrors.mitm.priming.endpoint https://mitmdetection.services.mozilla.com/
security.certerrors.permanentOverride true
security.certerrors.recordEventTelemetry true
security.content.signature.root_hash 97:E8:BA:9C:F1:2F:B3E:53:CC:42:A4:E6:57:7E6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E
security.csp.enable true
security.csp.enableNavigateTo false
security.csp.enableStrictDynamic true
security.csp.reporting.script-sample.max-length 40
security.data_uri.block_toplevel_data_uri_navigati ons true
security.data_uri.unique_opaque_origin true
security.default_personal_cert Ask Every Time
security.dialog_enable_delay 1000
security.directory
security.disable_button.openCertManager false
security.disable_button.openDeviceManager false
security.enterprise_roots.enabled false
security.family_safety.mode 2
security.fileuri.strict_origin_policy true
security.identityblock.show_extended_validation false
security.identitypopup.recordEventTelemetry true
security.insecure_connection_icon.enabled true
security.insecure_connection_icon.pbmode.enabled true
security.insecure_connection_text.enabled false
security.insecure_connection_text.pbmode.enabled false
security.insecure_field_warning.contextual.enabled true
security.insecure_field_warning.ignore_local_ip_ad dress true
security.insecure_password.ui.enabled true
security.mixed_content.block_active_content true
security.mixed_content.block_display_content false
security.mixed_content.block_object_subrequest false
security.mixed_content.upgrade_display_content false
security.notification_enable_delay 500
security.onecrl.maximum_staleness_in_seconds 108000
security.osclientcerts.autoload false
security.password_lifetime 30
security.pki.cert_short_lifetime_in_days 10
security.pki.certificate_transparency.mode 0
security.pki.crlite_mode 1
security.pki.distrust_ca_policy 2
security.pki.mitm_canary_issuer
security.pki.mitm_canary_issuer.enabled true
security.pki.mitm_detected false
security.pki.name_matching_mode 3
security.pki.netscape_step_up_policy 1
security.pki.sha1_enforcement_level 3
security.protectionspopup.recordEventTelemetry true
security.remember_cert_checkbox_default_setting true
security.remote_settings.crlite_filters.bucket security-state
security.remote_settings.crlite_filters.checked 0
security.remote_settings.crlite_filters.collection cert-revocations
security.remote_settings.crlite_filters.enabled false
security.remote_settings.crlite_filters.signer onecrl.content-signature.mozilla.org
security.remote_settings.intermediates.bucket security-state
security.remote_settings.intermediates.checked 0
security.remote_settings.intermediates.collection intermediates
security.remote_settings.intermediates.downloads_p er_poll 100
security.remote_settings.intermediates.enabled false
security.remote_settings.intermediates.parallel_do wnloads 8
security.remote_settings.intermediates.signer onecrl.content-signature.mozilla.org
security.sandbox.content.level 5
security.sandbox.content.tempDirSuffix {f9f52534-82d2-45fa-9f68-74b179f174ce}
security.sandbox.content.win32k-disable false
security.sandbox.gmp.win32k-disable false
security.sandbox.gpu.level 0
security.sandbox.logging.enabled false
security.sandbox.plugin.tempDirSuffix {ffa4feaf-066f-4fcd-b8e3-adca9722ab1f}
security.sandbox.rdd.win32k-disable true
security.sandbox.windows.log.stackTraceDepth 0
security.secure_connection_icon_color_gray true
security.signed_app_signatures.policy 2
security.sri.enable true
security.ssl.enable_alpn true
security.ssl.enable_false_start true
security.ssl.enable_ocsp_must_staple true
security.ssl.enable_ocsp_stapling true
security.ssl.errorReporting.automatic false
security.ssl.errorReporting.enabled false
security.ssl.errorReporting.url https://incoming.telemetry.mozilla.o...it/sslreports/
security.ssl.require_safe_negotiation false
security.ssl.treat_unsafe_negotiation_as_broken false
security.ssl3.dhe_rsa_aes_128_sha true
security.ssl3.dhe_rsa_aes_256_sha true
security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 true
security.ssl3.ecdhe_ecdsa_aes_128_sha true
security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384 true
security.ssl3.ecdhe_ecdsa_aes_256_sha true
security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256 true
security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 true
security.ssl3.ecdhe_rsa_aes_128_sha true
security.ssl3.ecdhe_rsa_aes_256_gcm_sha384 true
security.ssl3.ecdhe_rsa_aes_256_sha true
security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256 true
security.ssl3.rsa_aes_128_sha true
security.ssl3.rsa_aes_256_sha true
security.ssl3.rsa_des_ede3_sha true
security.strict_security_checks.enabled false
security.tls.enable_0rtt_data true
security.tls.enable_delegated_credentials false
security.tls.enable_post_handshake_auth false
security.tls.hello_downgrade_check true
security.tls.insecure_fallback_hosts
security.tls.version.enable-deprecated false
security.tls.version.fallback-limit 4
security.tls.version.max 4
security.tls.version.min 3
security.view-source.reachable-from-inner-protocol false
security.webauth.u2f true
security.webauth.webauthn true
security.webauth.webauthn_enable_softtoken false
security.webauth.webauthn_enable_usbtoken true
services.settings.security.onecrl.bucket security-state
services.settings.security.onecrl.checked 1583920850
services.settings.security.onecrl.collection onecrl
services.settings.security.onecrl.signer onecrl.content-signature.mozilla.org
services.sync.prefs.sync.security.default_personal _cert true
 
davide27y ha scritto:
https://forum.mozillaitalia.org/index.php?PHPSESSID=5740ej2oon53mcb5f2lg3qg5l5&topic=73938.0

Ho scoperto che altri utent hanno lo stesso problema...
Clicca per espandere...

Quello che non si capisce è perchè ad alcuni non da nessun errore quando si va qui https://mail.tim.it/

A me non da problemi quella pagina

Ho fatto delle verifiche è il server supporta regolarmente TLS 1.2

Ha una configurazione da schifo, ma comunque supporta TLS 1.2 e con Firefox negozia con questa cifratura


TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 
ERCOLINO ha scritto:
Quello che non si capisce è perchè ad alcuni non da nessun errore quando si va qui https://mail.tim.it/

A me non da problemi quella pagina
Clicca per espandere...
Confermo... stesso problema, accesso non consentito sia a mail alice che tin
Su win10 con FF 64.0

Connessione sicura non riuscita

Si è verificato un errore durante la connessione a aaacsc.alice.it. Il peer utilizza una versione non supportata del protocollo di sicurezza.

Codice di errore: SSL_ERROR_UNSUPPORTED_VERSION
Clicca per espandere...
 
Devi accedere o registrarti per poter rispondere.
Indietro
Alto Basso