Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

stadium-love-.tumblr.com - connection not secure #117269

Closed
webcompat-bot opened this issue Jan 24, 2023 · 3 comments
Closed

stadium-love-.tumblr.com - connection not secure #117269

webcompat-bot opened this issue Jan 24, 2023 · 3 comments
Labels
browser-firefox diagnosis-priority-p2 engine-gecko The browser uses the Gecko rendering engine os-linux Issues only happening on Linux. priority-normal severity-critical The site or core functionality is unusable, or you would probably open another browser to use it. type-ssl Related to certificates and https
Milestone
duplicate

Comments

@webcompat-bot
Copy link

webcompat-bot commented Jan 24, 2023
edited

URL: https://stadium-love-.tumblr.com/post/42470433237/willbd3-dahlgren-hall-on-the-naval-academys

Browser / Version: Firefox 109.0
Operating System: Linux
Tested Another Browser: Yes Chrome

Problem type: Site is not usable
Description: Page not loading correctly
Steps to Reproduce:
There was a "security issue" because stadium-love-.tumblr.com apparently doesn't match .tumblr.com (except that it does).
A check with OpenSSL 3.0.x says: subjectAltName: host "stadium-love-.tumblr.com" matched cert's ".tumblr.com"
The site works in other browsers, so I decided to report it to Firefox. If I had to guess, there's some edge case with the hostname ending with a hyphen.

The following is from the error page in Firefox:

Did Not Connect: Potential Security Issue

Firefox detected a potential security threat and did not continue to stadium-love-.tumblr.com because this website requires a secure connection.

What can you do about it?

stadium-love-.tumblr.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.

The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem.

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for stadium-love-.tumblr.com. The certificate is only valid for the following names: *.tumblr.com, tumblr.com

Error code: SSL_ERROR_BAD_CERT_DOMAIN

Browser Configuration
  • None

From webcompat.com with ❤️
@webcompat-bot webcompat-bot added the action-needsmoderation The moderation has not yet been completed label Jan 24, 2023
@webcompat-bot webcompat-bot added this to the needstriage milestone Jan 24, 2023
@webcompat-bot webcompat-bot added the browser-fixme This requires manual assignment for the browser name label Jan 24, 2023
@gkubaryk
Copy link

This is mine, in case there are any followup questions.

@webcompat-bot webcompat-bot changed the title In the moderation queue. stadium-love-.tumblr.com - site is not usable Jan 25, 2023
@webcompat-bot webcompat-bot added browser-firefox engine-gecko The browser uses the Gecko rendering engine priority-critical and removed browser-fixme This requires manual assignment for the browser name action-needsmoderation The moderation has not yet been completed labels Jan 25, 2023
@sv-calin sv-calin added the os-linux Issues only happening on Linux. label Jan 25, 2023
@sv-calin
Copy link

sv-calin commented Jan 25, 2023
edited

Thank you for reporting this issue, I was able to reproduce it.

image

Tested on:
• Browser / Version: Firefox Nightly 111.0a1 (2023-01-24) / Firefox Release 109.0 / Chrome 109.0.5414.75
• Operating System: Windows 10

Notes:

  1. Reproducible on both Firefox Release and Nightly
  2. Not reproducible on Chrome

Moving to Needsdiagnosis.

[qa_04/2023]

@sv-calin sv-calin changed the title stadium-love-.tumblr.com - site is not usable stadium-love-.tumblr.com - connection not secure Jan 25, 2023
@sv-calin sv-calin added priority-normal type-ssl Related to certificates and https severity-critical The site or core functionality is unusable, or you would probably open another browser to use it. and removed priority-critical labels Jan 25, 2023
@sv-calin sv-calin modified the milestones: needstriage, needsdiagnosis Jan 25, 2023
@ksy36
Copy link
Contributor

ksy36 commented Mar 8, 2023

This is a duplicate of https://bugzilla.mozilla.org/show_bug.cgi?id=1184059

@ksy36 ksy36 closed this as completed Mar 8, 2023
@ksy36 ksy36 removed the status-needsinfo-ksy36 ping @ksy36 label Mar 8, 2023
@ksy36 ksy36 modified the milestones: needsdiagnosis, duplicate Mar 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
browser-firefox diagnosis-priority-p2 engine-gecko The browser uses the Gecko rendering engine os-linux Issues only happening on Linux. priority-normal severity-critical The site or core functionality is unusable, or you would probably open another browser to use it. type-ssl Related to certificates and https
Projects
None yet
Milestone
duplicate
Development

No branches or pull requests
4 participants
@gkubaryk @ksy36 @webcompat-bot @sv-calin