Page 1 of 1

Unauthenticated content warning on Members' Facilities pages

Posted: Wed Mar 28, 2012 11:06 pm
by smithi
Hi,

only noticed this tonight, can't be certain but I think I'd have noticed before; in any case it's very recent.

Mozilla (seamonkey) shows the main page https://www.exetel.com.au/members/home.php and most (but not all) of its subpages showing a red broken padlock on its status line, mouseover saying 'Warning: contains unauthenticated content', clicking which brings up the Page Info / Security tab stating:

"Connection partially encrypted
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit."

I had a quick look through the (received) page source but nothing jumped out at me - not claiming too much expertise, nor time spent :) If I was a betting man I'd put money on some broken Javascript ..

cheers, Ian

LATER EDIT ..

Ok, after restarting my browser after a week or two running, this isn't happening anymore, so it likely was broken Javascript - on my end. Weird and unusual. Pardon the noise, delete at will .. Ian

Re: Unauthenticated content warning on Members' Facilities p

Posted: Thu Mar 29, 2012 9:48 am
by Dazzled
It's not Javascript. Seamonkey itself follows up the certificate at the point of connection - see under Security Features at http://www.seamonkey-project.org/legal/privacy. You may have inadvertently turned this feature off. If it happens again with the browser not picking it up, an easy way to check a site's certificate is with openssl.

Re: Unauthenticated content warning on Members' Facilities p

Posted: Thu Mar 29, 2012 3:11 pm
by smithi
Dazzled wrote:It's not Javascript. Seamonkey itself follows up the certificate at the point of connection - see under Security Features at http://www.seamonkey-project.org/legal/privacy. You may have inadvertently turned this feature off. If it happens again with the browser not picking it up, an easy way to check a site's certificate is with openssl.
Thanks Daz,

I've never had OCSP validation turned on, but am set to notice encr/unencr mix, usually only seen on relatively dodgy sites, which is why I was surprised. Seamonkey isn't perfect (understatement!) and after a busy few days with a zillion tabs often needs restarting due to having leaked too much memory, but I'd not seen this behaviour before. There was nothing to indicate it was a cert problem, if it was, and I'm putting it down as a mystery not worth chasing, but I will try restarting it before reporting apparent errors next time :)

cheers, Ian