mozilla / mig

Distributed & real time digital forensics at the speed of the cloud

Home Page: http://mig.mozilla.org/

HTTPS not available - mig.mozilla.org

SCMGuruLLC opened this issue · comments

The issue here isn't that there isn't HTTPS, but that the certificate used for the site is signed for GitHub. Since no subjectAltName extension values are provided, the Common Name is the source of truth that the browser relies on.

You may also want to look at the TLS analysis section of the Observatory. The certificate itself is valid. https://observatory.mozilla.org/analyze.html?host=mig.mozilla.org#tls

~ ❯ openssl s_client -connect mig.mozilla.org:443 -showcerts
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=*.github.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
-----BEGIN CERTIFICATE-----
   ...
-----END CERTIFICATE-----
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-----BEGIN CERTIFICATE-----
   ...
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=*.github.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3612 bytes and written 434 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: ED7DD9F94AB5C46F2324BE2F38613CAE671D50C9323B12C56B81766CCA219BF3
    Session-ID-ctx:
    Master-Key: BB00E4C2D9E55B63FAD66941F8A65BDC178D7F9123EF0697C96E04E4C535867F424DC3CF1C0F5E74B723CE7DF518668F
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1514353817
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

I'd suggest the maintainers update the certificate, but otherwise this issue should be closed.
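
As an added example (not part of the original issue or the MIG project), this Python code reproduces the name check a TLS client applies to the certificate shown in the output above: dNSName subjectAltName entries are used when present, otherwise the Common Name, and a wildcard covers exactly one left-most label. The function names and the `SERVED_CERT` dictionary are assumptions made for illustration; the dictionary follows the shape returned by Python's `ssl.SSLSocket.getpeercert()` and is constructed from the subject line in the `openssl` output.

```python
# Added example: hostname matching against the names a certificate presents.
# Cert dicts follow the shape returned by ssl.SSLSocket.getpeercert().

def _names_from_cert(cert):
    """Return (names, source): dNSName SANs if any, else subject CNs."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans, "subjectAltName"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return cns, "commonName"


def _label_match(pattern, hostname):
    """Match one presented name against a hostname.

    A wildcard is honoured only as the entire left-most label and covers
    exactly one label, so *.github.com matches pages.github.com but not
    github.com or a.b.github.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def check_hostname(cert, hostname):
    """Report whether any presented name covers the requested hostname."""
    names, source = _names_from_cert(cert)
    matched = [n for n in names if _label_match(n, hostname)]
    return {"ok": bool(matched), "source": source, "presented": names}


# Constructed from the subject line in the openssl output above.
SERVED_CERT = {
    "subject": ((("countryName", "US"),), (("organizationName", "GitHub, Inc."),),
                (("commonName", "*.github.com"),)),
}

if __name__ == "__main__":
    for host in ("mig.mozilla.org", "pages.github.com", "github.com"):
        print(host, check_hostname(SERVED_CERT, host))
```

The chain verifies (`Verify return code: 0 (ok)`) because `openssl s_client` does not compare the certificate names with the requested host unless asked to, which is why the output looks clean while a browser rejects the site.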