I normally use Firefox to log into Anveo. I tried it just now and landed on a Firefox Insecure Connection splash page. The reason shown is:quote:www.anveo.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
I've never seen this problem before. I don't know if there is a new problem at Anveo or if Firefox tightened their security testing criteria. There are no security warnings when using Chrome.
Using SSL Labs' Server Test, Anveo has an F rating due to one particular vulnerability.quote:This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F.
https://www.ssllabs.com/ssltest/analyze.html?d=anveo.com
Edit: I just noticed that the security certificate validity date is from yesterday, so there must be an error introduced when updating the certificate:quote:Valid from Thu, 26 Jan 2017 00:00:00 UTC
Hope they can fix this soon.
Can anyone elaborate on these issues?
↧