Ascii2 Posted September 30, 2018 Report Share Posted September 30, 2018 This posting is to report a bug. I receive an Invalid Certificate dialog box on Maxthon 5.2.4.3000 when trying to view some websites. My system time and date are correct. I use Maxthon v5.2.4.3000 on Windows XP Professional with Service Pack 3. Three example websites are: https://vivaldi.net/ https://easylist.to/ https://www.cloudflare.com/ The issue may be reproduced by visiting one of the example websites for the first time during the browsing session. When that happens, the following dialog box is presented: [Cannot post picture in forum; I receive forum message " The page you are trying to access is not available for your account. "] I have copied the text from Maxthon Security information for the example webpages and display them below. For "https://vivaldi.net/": https://vivaldi.net View requests in Network Panel Connection Protocol TLS 1.2 Key exchange ECDHE_ECDSA Key exchange group X25519 Cipher CHACHA20_POLY1305 Certificate Subject ssl509072.cloudflaressl.com SAN ssl509072.cloudflaressl.com *.vivaldi.net vivaldi.net Valid from Fri, 27 Apr 2018 00:00:00 GMT Valid until Sat, 03 Nov 2018 23:59:59 GMT Issuer COMODO ECC Domain Validation Secure Server CA 2 Open full certificate details For "https://easylist.to/": https://easylist.to View requests in Network Panel Connection Protocol TLS 1.2 Key exchange ECDHE_ECDSA Key exchange group X25519 Cipher CHACHA20_POLY1305 Certificate Subject sni191559.cloudflaressl.com SAN sni191559.cloudflaressl.com *.all-cardealers.com Show more (95 total) Valid from Wed, 19 Sep 2018 00:00:00 GMT Valid until Thu, 28 Mar 2019 23:59:59 GMT Issuer COMODO ECC Domain Validation Secure Server CA 2 Open full certificate details For "https://www.cloudflare.com/": https://www.cloudflare.com View requests in Network Panel Connection Protocol TLS 1.2 Key exchange ECDHE_ECDSA Key exchange group X25519 Cipher CHACHA20_POLY1305 Certificate Subject cloudflare.com SAN cloudflare.com www.cloudflare.com Valid from Fri, 28 Oct 2016 00:00:00 GMT Valid until Fri, 02 Nov 2018 12:00:00 GMT Issuer DigiCert ECC Extended Validation Server CA Open full certificate details I notice that the Maxthon 5 provided Security information appears quite similar. Maxthon v5.2.4.3000 has a button in the site Security information area and is labeled "Open full certificate details", but the button does not do anything (this may be another bug). I did find what I believe to be the same issue referenced in an older Maxthon Community Forums thread; it is located: The older thread appeared to reference the issue but did not actually appear resolved. Instead, user BugSir006 stated that: " The issue of incorrect unsafe warning when accessing Gmail(under some special scenes) has been fixed in 5.1.3.200.". The problem referenced in these threads may be different than the one fixed. Link to comment Share on other sites More sharing options...
-ody- Posted September 30, 2018 Report Share Posted September 30, 2018 no issue with any of these sites, but you say "when that happens" so I guess the bug is not consistent ? 41 minutes ago, Ascii2 said: The issue may be reproduced by visiting one of the example websites for the first time during the browsing session. When that happens, the following dialog box is presented: [Cannot post picture in forum; I receive forum message " The page you are trying to access is not available for your account. "] Link to comment Share on other sites More sharing options...
Ascii2 Posted September 30, 2018 Author Report Share Posted September 30, 2018 11 minutes ago, -ody- said: no issue with any of these sites, but you say "when that happens" so I guess the bug is not consistent ? The bug would be consistent. If you cannot reproduce the bug there may be another variable. Perhaps things are handled differently for Windows NT5.x series operating systems than on Windows NT 6.x series operating systems. EDIT: I have tried to reproduce the issue in a Windows 7 with Service Pack 1 virtual machine on the three example sites. The problem only manifested on the https://vivaldi.net/ instance. I do not know if it matters, but I have done all testing on the portable version. Link to comment Share on other sites More sharing options...
BugSir006 Posted September 30, 2018 Report Share Posted September 30, 2018 2 hours ago, Ascii2 said: This posting is to report a bug. I receive an Invalid Certificate dialog box on Maxthon 5.2.4.3000 when trying to view some websites. My system time and date are correct. I use Maxthon v5.2.4.3000 on Windows XP Professional with Service Pack 3. Three example websites are: https://vivaldi.net/ https://easylist.to/ https://www.cloudflare.com/ The issue may be reproduced by visiting one of the example websites for the first time during the browsing session. When that happens, the following dialog box is presented: [Cannot post picture in forum; I receive forum message " The page you are trying to access is not available for your account. "] I have copied the text from Maxthon Security information for the example webpages and display them below. For "https://vivaldi.net/": https://vivaldi.net View requests in Network Panel Connection Protocol TLS 1.2 Key exchange ECDHE_ECDSA Key exchange group X25519 Cipher CHACHA20_POLY1305 Certificate Subject ssl509072.cloudflaressl.com SAN ssl509072.cloudflaressl.com *.vivaldi.net vivaldi.net Valid from Fri, 27 Apr 2018 00:00:00 GMT Valid until Sat, 03 Nov 2018 23:59:59 GMT Issuer COMODO ECC Domain Validation Secure Server CA 2 Open full certificate details For "https://easylist.to/": https://easylist.to View requests in Network Panel Connection Protocol TLS 1.2 Key exchange ECDHE_ECDSA Key exchange group X25519 Cipher CHACHA20_POLY1305 Certificate Subject sni191559.cloudflaressl.com SAN sni191559.cloudflaressl.com *.all-cardealers.com Show more (95 total) Valid from Wed, 19 Sep 2018 00:00:00 GMT Valid until Thu, 28 Mar 2019 23:59:59 GMT Issuer COMODO ECC Domain Validation Secure Server CA 2 Open full certificate details For "https://www.cloudflare.com/": https://www.cloudflare.com View requests in Network Panel Connection Protocol TLS 1.2 Key exchange ECDHE_ECDSA Key exchange group X25519 Cipher CHACHA20_POLY1305 Certificate Subject cloudflare.com SAN cloudflare.com www.cloudflare.com Valid from Fri, 28 Oct 2016 00:00:00 GMT Valid until Fri, 02 Nov 2018 12:00:00 GMT Issuer DigiCert ECC Extended Validation Server CA Open full certificate details I notice that the Maxthon 5 provided Security information appears quite similar. Maxthon v5.2.4.3000 has a button in the site Security information area and is labeled "Open full certificate details", but the button does not do anything (this may be another bug). I did find what I believe to be the same issue referenced in an older Maxthon Community Forums thread; it is located: The older thread appeared to reference the issue but did not actually appear resolved. Instead, user BugSir006 stated that: " The issue of incorrect unsafe warning when accessing Gmail(under some special scenes) has been fixed in 5.1.3.200.". The problem referenced in these threads may be different than the one fixed. Hi Ascii2, Because your XP system hasn't installed the latest root certificate. Link to comment Share on other sites More sharing options...
Ascii2 Posted October 8, 2018 Author Report Share Posted October 8, 2018 On 9/30/2018 at 1:53 AM, BugSir006 said: Hi Ascii2, Because your XP system hasn't installed the latest root certificate. Hello, BugSir006. Sorry for the late response. I have installed the latest available root certificates (through September 2018) on the Windows XP with Service Pack 3 instance, but it does not resolve the problem. I do notice that the certificates reference "ECC", which I believe to be Elliptic Curve Cryptography, something not implemented on Windows XP with Service Pack 3. These certificates also cannot be imported normally nor function if they added by adding information to Windows Registry. I suppose that one would have to hope that someday an update adding Elliptic Curve Cryptography to the operating system. After testing after the root certificate update, I noticed that I was able to access less test websites than before the root certificate update. The root certificate update adds certificates and removes others; I believe it likely that one or some the the deleted certificates were used by some of the sites (perhaps as alternate certificates). My understanding is that websites may have one or multiple certificates if it uses certificates. I have observed that web browsers present only information for one certificate. It would seem that only one certificate is used to certify a website. Is this truly the case? Also, how do web servers and clients (browsers) come to an agreement as to which certificate or certificates to use? Is the process to determine which certificate or certificates to use the same regardless of browser? Link to comment Share on other sites More sharing options...
BugSir006 Posted October 9, 2018 Report Share Posted October 9, 2018 8 hours ago, Ascii2 said: I have installed the latest available root certificates (through September 2018), but it does not resolve the problem. Bug confirmed. Link to comment Share on other sites More sharing options...
Ascii2 Posted October 9, 2018 Author Report Share Posted October 9, 2018 9 hours ago, BugSir006 said: Bug confirmed. I have tried updating the root certificates on Windows 7 and the problem reported in this thread no longer manifested. On Windows XP, the operating system's certificate management does not handle ECC certificates, which appear to be what the tests sites are using. I believe that you were right that this had to do with the root certificates. This would seem to be a website design issue. Link to comment Share on other sites More sharing options...
BugSir006 Posted October 10, 2018 Report Share Posted October 10, 2018 10 hours ago, Ascii2 said: I have tried updating the root certificates on Windows 7 and the problem reported in this thread no longer manifested. On Windows XP, the operating system's certificate management does not handle ECC certificates, which appear to be what the tests sites are using. I believe that you were right that this had to do with the root certificates. This would seem to be a website design issue. Yes, the developer checked out this issue again, it is related to the XP system. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.