University of Passau
Department of Informatics and Mathematics
IT-SEC 
   University of Passau  >  FIM  >  IT-SEC  >  Members >  Henrich C. Pöhls > TLS Mashup: Browser Feedback for multiple TLS Connections      SiteMapSitemap  Seitenende

TLS Connection MashUp

This page loads its parts from many different HTTPS sources.

It demonstrates the Browser's inability to signal the user that different SSL certificate validation have been performed.
Please visit this page using HTTPS to see if there are any differences.
This page was compiled to demonstrate the points I have raised in the paper
"Why Showing one TLS Certificate is not enough? Towards a Browser Feedback for Multiple TLS Certificate Verifications"
(appeared in GI Sicherheit 2010 - Gesellschaft für Informatik, GI, 2010. pdf... bibtex ...

Of course if a TLS site includes http content inside https, then the browser can give a "mixed content" warning (depends on user's configuration).
Browsers Mixed Warning

 

  1. Element is an <iframe src="https://bit.ly/">

    • Opera 10.61 Build 8429 - Mac OS X 10.6.7
      BITLY: Opera TLS verification output
    • Opera 11.10 Build 2092 - Windows 7
      BITLY: Opera TLS verification output
    • Firefox 4.0 - Mac OSX 10.6.7
      BITLY: Firefox TLS verification output
  2. Element is an <script src="https://www.google.com/jsapi">
  3. Element is an <img src="https://static.addons.mozilla.net/media/img/zamboni/app_icons/firefox.png?b=da50f35">

    • Opera 10.61 Build 8429 Mac OS X 10.6.7
      MOZILLA: Opera TLS verification output
    • Firefox 4.0 - Mac OSX 10.6.7
      MOZILLA: Firefox TLS verification output
  4. Element is an <img src="https://www.visa.de/assets/images/global/visalogo.gif">

    • Opera 10.61 Build 8429 Mac OS X 10.6.7
      VISA: Opera TLS verification output
    • Opera 11.10 Build 2092 - Windows 7
      VISA: Opera TLS verification output
    • Firefox 4.0 - Mac OSX 10.6.7
      VISA: Firefox TLS verification output

 
  Impressum Last modified: 24/02/2015 - 18:13:12 by hcp  Seitenanfang