SSL here is not secure

GOD · August 27, 2015, 5:00pm

I think Let’s Encrypt will 1st need to resolve their own, before I switch to them (see screenshot)

Link to screenshot

germeier · August 27, 2015, 5:28pm

You might want to check your browser!

https://www.ssllabs.com/ssltest/analyze.html?d=community.letsencrypt.org&s=64.71.148.5&latest

GOD · August 27, 2015, 5:50pm

Google Chrome
Version 44.0.2403.157 m (64-bit)

You might want to check your SSL.

GOD · August 27, 2015, 5:54pm

It seem to have been fixed. Glad to see they’re on top of it

Nekit · August 27, 2015, 10:21pm

Judging by ”Bitdefender…“ bit in the CA’s common name, it’s safe to say, that your connection is MITM’d by your antivirus software.

riking · August 28, 2015, 1:05am

Additionally, I am not getting any mixed content warnings. Just to be sure, I went and loaded every single topic. (That may have taken a while.) So yeah, your AV is also inserting that.

You might want to consider ditching it for something that doesn’t screw up your web connections.

spunkyspunktech · August 28, 2015, 4:02am

This has nothing to do with Let’s Encrypt… As you can see from your screenshot, the certificate is issued by “Bitdefender Personal CA.Net-Defender”

Your Bitdefender software has a “Scan SSL” feature that works by installing it’s own root certificate in your system, and then MITM’ing your SSL connections (presenting its own certificate) allowing it to decrypt the traffic, snoop on it, and run it through a local proxy to the site you are visiting, encrypted with the proper legitimate certificate. And also vice versa.
From Bitdefenders support area:

To solve this issue, we recommend you to temporarily turn off “Scan SSL” feature in Bitdefender as follows:

1. Bring up the main Bitdefender interface
2. Click on Settings from the upper right toolbar
3. From Settings Overview choose Privacy Control
4. In the Antiphishing tab use the switch to temporarily turn off Scan SSL feature
5. Now close the Bitdefender window and try to access the webpage one more time.

tlussnig · September 10, 2015, 6:48am

I think not 100% there is SNI required but no browser without SNI doesn’t have support for FS.
So also all cipher suites without forward security could be removed. That would also remove the 112 bit 3DES suite.

trevor · September 15, 2015, 6:15pm

It look like they Fixed it Now.

riking · September 15, 2015, 7:49pm

No, no fix was necessary - it was due to badly-behaving programs on @GOD’s system.

trevor · September 15, 2015, 7:51pm

Okay, I under stand now.

darckyn · December 29, 2016, 1:25am

I have the same problem

TCM · December 29, 2016, 3:52am

Complain to your software vendor or uninstall the garbage software that weakens your TLS connections.

bosco · December 29, 2016, 1:05pm

Uninstall the software issuing this