SSL here is not secure


#1

I think Let’s Encrypt will 1st need to resolve their own, before I switch to them (see screenshot)

Link to screenshot


#2

You might want to check your browser!

https://www.ssllabs.com/ssltest/analyze.html?d=community.letsencrypt.org&s=64.71.148.5&latest


#3

Google Chrome
Version 44.0.2403.157 m (64-bit)

You might want to check your SSL.


#4

It seem to have been fixed. Glad to see they’re on top of it :smile:


#5

Judging by ”Bitdefender…“ bit in the CA’s common name, it’s safe to say, that your connection is MITM’d by your antivirus software.


#6

Additionally, I am not getting any mixed content warnings. Just to be sure, I went and loaded every single topic. (That may have taken a while.) So yeah, your AV is also inserting that.

You might want to consider ditching it for something that doesn’t screw up your web connections.


#7

This has nothing to do with Let’s Encrypt… As you can see from your screenshot, the certificate is issued by “Bitdefender Personal CA.Net-Defender”

Your Bitdefender software has a “Scan SSL” feature that works by installing it’s own root certificate in your system, and then MITM’ing your SSL connections (presenting its own certificate) allowing it to decrypt the traffic, snoop on it, and run it through a local proxy to the site you are visiting, encrypted with the proper legitimate certificate. And also vice versa.
From Bitdefenders support area:

To solve this issue, we recommend you to temporarily turn off “Scan SSL” feature in Bitdefender as follows:

1. Bring up the main Bitdefender interface
2. Click on Settings from the upper right toolbar
3. From Settings Overview choose Privacy Control
4. In the Antiphishing tab use the switch to temporarily turn off Scan SSL feature
5. Now close the Bitdefender window and try to access the webpage one more time.

#8

I think not 100% there is SNI required but no browser without SNI doesn’t have support for FS.
So also all cipher suites without forward security could be removed. That would also remove the 112 bit 3DES suite.


#10

It look like they Fixed it Now.


#11

No, no fix was necessary - it was due to badly-behaving programs on @GOD’s system.


#12

Okay, I under stand now.


#13

I have the same problem


#14

Complain to your software vendor or uninstall the garbage software that weakens your TLS connections.


#15

Uninstall the software issuing this :smiley: