Hi all,
Hope you all updated to FF36.....
I was just checking through the web console option of dev tools in Moz.
I noticed that there is a security error for each community pages I visited
The screen shot is as below :Text:
"21:46:32.205 This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More] en
21:46:38.418 GET https://cdn.ckeditor.com/4.4.0/full-all/plugins/codesnippet/lib/highlight/styles/default.css
21:46:38.420 GET https://cdn.ckeditor.com/4.4.0/full-all/plugins/codesnippet/lib/highlight/highlight.pack.js
21:46:38.776 GET https://nexus.ensighten.com/symantec/community/Bootstrap.js
21:46:38.777 GET https://nexus.ensighten.com/symantec/scode/om_code_min.js
21:46:38.779 GET https://nexus.ensighten.com/symantec/scode/s_code_min.js "
Links specified in the log:
Weak Signature Algorithm
Phasing Out Certificates with SHA-1 based Signature Algorithms
"We plan to add a security warning to the Web Console to remind developers that they should not be using a SHA-1 based certificate. We will display an additional, more prominent warning if the certificate will be valid after January 1, 2017, since we will reject that certificate after that date. We plan to implement these warnings in the next few weeks, so they should be appearing in released versions of Firefox in early 2015. We may implement additional UI indicators later. For instance, after January 1, 2016, we plan to show the “Untrusted Connection” error whenever a newly issued SHA-1 certificate is encountered in Firefox. After January 1, 2017, we plan to show the “Untrusted Connection” error whenever a SHA-1 certificate is encountered in Firefox. "
Says link 2 above.
Test results: https://www.sha2sslchecker.com/norton.com (safe)
https://www.sha2sslchecker.com/oms.symantec.com (safe)
https://www.sha2sslchecker.com/cdn.ckeditor.com (safe)
https://www.sha2sslchecker.com/nexus.ensighten.com (safe)
https://www.sha2sslchecker.com/js-agent.newrelic.com (safe)
https://www.sha2sslchecker.com/www.norton.com (vul)
https://www.sha2sslchecker.com/community.norton.com (vul)
https://www.sha2sslchecker.com/ckeditor.com (vul)
https://www.sha2sslchecker.com/beacon-3.newrelic.com (vul)
What do you see?