19 recenzí tohoto doplňku
  • Mozilla, please provide the necessary API's for this plugin to exist!
    Privacy and security 1st, ease of use and speed later!

  • miss it, hope for webextension!?

    Odpověď vývojáře

    There won't be WebExtensions support, until Mozilla implements the necessary APIs. Please see https://github.com/sibiantony/ssleuth/issues/78

  • Great! hope you update for 57!

    Please, if you find the time, check with the progress here: (you have supporters too :)

    Odpověď vývojáře

    There won't be WebExtensions support, until Mozilla implements the necessary APIs. Please see https://github.com/sibiantony/ssleuth/issues/78

  • Really usefull extension, with sure results. It would be good to have a version compatible with Firefox 57 !

  • Given the numerous reports of CAs being compromised or forced to turn over SSL certificates by governments, having the ability to review basic certificate information should be built into Firefox.
    I hope Mozilla integrates this addon at some point, even just as an optional advanced mode for the existing certificate panel.

  • Provides a lot of useful information, and is especially beneficial when combined with HTTPS Everywhere.

  • This Extension provides information on supporting servers for any Web page, secure or otherwise; secure page host data include available certificate details in addition to details on the host cipher suite. I routinely use the Domains Observer to break down the information by server, host and supporting; data include cipher suites, certificate algorithms, and key algorithms.

    Addendum: This Extension will need an upgrade for TLS 1.3, which is approaching release candidate as of January 2017; due to major amendment of protocol at the IETF, SSleuth signals false positives for insecure connection (viz., the actual connection is secure, but the key-exchange and certificate algorithms do not report) on TLS 1.3 only.

  • Helped me discover my security suite installed a third party certificate authority, consequently resulting in a far less secure certificate suite in use locally while being unable to verify the actual certificate in use before having been intercepted by the SSL inspector/security authority in use. (Fundamentally defeating the use scenario for this extension and undermining your ability to know if a truly secure cipher suite is in use and depending on that SSL inspector feature to be without flaw.) (In addition to the potential for abuse to snoop or make use of insecure cipher suites on purpose.)

  • Perfect for developers, and system administrators. Also the paranoid too!

    Now I can test whether certificate upgrades on our servers are being completed and propagate to users.

    The "Domains" tab is also a good indication of weak links in your web applications. Because not all content is handled securely. Hence, why you'd see a "Mixed-Content" warning in Firefox or Chrome.

  • Security must have.
    Now i know my bank uses a far worse security communication than Github <3

  • Excellent. Better than Cipherfox. Doesn't enforce a limit like Qualys SSLtest does.

  • Gives a lot of info at a glance. There's a non-default setting to make it colour the location bar, which makes it subliminal.

    The only thing I would want to be improved is the layout within the pop up, which looks a bit messy. The gear icon isn't right-aligned, the text is at different sizes, and some of the text would look better with a table or grid-like alignment.

    Odpověď vývojáře

    Thank you for the feedback!

    The panel interface is a lot work, and the different sizes of the text are to highlight the important things. The panel is created to be flexible so that with lengthy text (cipher suite name, validity times etc) it shows up in one line.
    I hope to move the panel elements to a grid in a future release.

  • Really great add-on! Perfect UI Integration, simple Ranking mechanism, very detailed information. I especially like the domains option, which makes it really easy to see which third party sites bringing in mixed content have bad ssl configuration.

    Some notes for the developer here:
    Text rendering isn't that great. Dunno whats wrong there, could also be my machine.
    It'd be great to show an 'x' of some sort or sth like that for (third party) domains that were blocked, e.g. by cipher_mismatch, because that happens quite frequently if rc4 and triple des are disabled.

    Odpověď vývojáře

    Text rendering - Not sure what you meant by that. Perhaps a screenshot should help (github-> issues). The text appearance is mostly from Firefox/your-system-fonts etc.
    Blocked domains - yes, that's interesting. Although I'm not sure if it's really possible to observe blocked domains and find the reason why there were blocked. Any ways, will keep that in mind.

  • This add-on is excellent. It does what it says, and well.

    One can only hope that it will be integrated into Firefox in the future!

    The one thing that bothered me about the display was that that one sometimes has to scroll down (in the "domains" display, for example) even if there would be space for the rest of the information if the text box were bigger.

    It would be nice if it (like the similar display that opens in Google Chrome when clicking on the lock icon) included information on page permissions and the ability to change them (or perhaps that is asking too much).

    Odpověď vývojáře

    Thanks. Yes, I'm aware of the domains tab height problem.
    It's a limitation I hit with a richlistbox and while adjusting the height of the main https view, the http view etc. Will see if this can be fixed in a future release. Things had been keeping me busy, so was not able to make a release in some time.

    Page permissions - are out of scope of this addon, unfortunately.

  • Fantastic extension. Thank you!

    Not only does SSleuth provide a convenient way to evaluate the relative quality of a site's ssl config, it also serves as a great starting point for the uninitiated to learn more about how the different components of the PKI relate.

  • Nice tool, active developer

    Odpověď vývojáře

    Thanks. I don't plan to be active for long. :) Hoping to make it stable soon and then only maintain the bare minimum stuff.

  • Very, very good stuff! Worth five stars right away!

    Makes one wonder why this sort of thing isn't built in!

  • Very nice! It tells me what I want to know automatically with details just 1 click away.
    I like it much more than CipherFox.

  • Excellent! Does what it says. Please keep it alive!