TBB Gives HTTPS Green Lock for misconfigured SSL/TLS
I have just reported a flaw with passing a misconfigured ssl/tls certificate which is allowing MITM. I reported that against https-everywhere but they answered it that https-everywhere doesnt access ssl info. So maybe it is a browser level issue?
otherwise really what is the use of green lock and https-everywhere plugin if a website pretend to be having ssl/tls connection while in fact its just fake one and MITM is possible through it ?
SSL test:
https://www.ssllabs.com/ssltest/analyze.html?d=zu.ac.ae
HTTPS-Everywhere Github Ticket:
https://github.com/EFForg/https-everywhere/issues/17851#event-2309447045
Trac:
Username: bo0od