Brave accepts TLS 1.0 and TLS 1.1 without any warning! #10607
Comments
cc: @fmarier when you get a moment can you take a look? |
That's definitely a bug since this was deprecated a while back in Chromium. We should be seeing interstitials like in Chrome: but for some reason that doesn't work in Brave, even with the following flags enabled: I tested this in Nightly:
|
Digging in on this one...
See
|
On Beta it doesn't even show the warning if you click on the icon. (It does for me on master) |
Mystery solved - that config is initialized after a component is registered and installed via component updater. By default, we don't register / install this component. If I visit brave://components and click |
If we want this functionality, we should be able to:
|
We definitely want to show TLS 1.0/1.1 as insecure like Chrome does |
Verification passed on
Verification PASSED on
Reproduced the original issue using
Verified that the cases from brave/brave-core#6574 & #10607 (comment) are working under
Verification passed on
Also tested after upgrade from 1.13.x |
Verification passed on OnePlus 6T with Android 10 running 1.14.82 x64 RC build
Verification passed on Samsung Tab A with Android 10 running 1.14.82 x64 RC build
Verification passed on Nexus 6P Emulator with Android 7 running 1.14.82 x86 RC build
|
Test Plan
Specified here: brave/brave-core#6574
Description
Brave shows that TLS 1.0/1.1 is secure. You have to click on the lock icon to get a warning. But the lock should indicate that BEFORE clicking on it.
Steps to Reproduce
Actual result:
The lock symbol shows a secure connection
Expected result:
The lock symbol should show a "not secure connection"
Reproduces how often:
Every site that uses TLS 1.0 or TLS 1.1
Brave version (brave://version info)
1.10.97 Chromium: 83.0.4103.116 (Official Build) (64-bit)
Version/Channel Information:
Other Additional Information:
Miscellaneous Information: