: How can different paths on the same domain have different TLS encryption? Take for example this major Swedish newspaper, Dagens Nyheter (literally Today's News). Their web page is available over

@Karen161

It is possible in theory because each visit to a different URL may be a new TLS connection hence a new TLS handshake and exchange of certificates/keys/ciphers choices/etc... Also, even if not desirable of course, there is an existing mode of TLS setup with in fact no encryption at all.

My browser does in fact display also Insecure connection for the RSS feed, which makes me wonder as other low level tools do not. Also chromium shows the page as secure. So I more and more think it is a problem related to Firefox.
Also SSLLabs gives an A+ to the site related to its TLS configuration, so I more and more think of a specific Firefox issue.

Found it, it is specific to Firefox: bugzilla.mozilla.org/show_bug.cgi?id=337897
In short, there is a smart included RSS reader into Firefox, it loads your URL just fine and securely but then use a local application in a jar file to display nicely the RSS output, and this specific module is deemed to be insecure.
Hence the final error message from Firefox is completely misleading and it is a shame they are leaving it as is since so many years (see the bug report quoted above). They even decided they will not fix it at all, supposeddly because this feed reader is "demoted" inside Firefox since a long time ago.

Vote Up Vote Down