

Even Facebook can't get their SSL setup right - Jules8850
https://www.wormly.com/test_ssl/h/www.facebook.com/i/69.171.228.13/p/443

======
Jules8850
Specifically on the edge server we hit in that particular test
(69.171.228.13), they haven't installed their intermediate certificate chain.

Allowing insecure re-negotiation isn't too crash hot, either.

~~~
laz
AFAICT, the tool is broken WRT renegotiation detection.

~% openssl s_client -connect 69.171.228.13:443 2>/dev/null < /dev/null | grep
Reneg

Secure Renegotiation IS NOT supported

~~~
laz
Missing certs in the chain are fixed, BTW. Thanks for pointing it out.

We tracked down a bug in config autogeneration, and are going to add paranoia
to monitor for it in the future.

------
extension
Is this why I always get SSL warnings from embedded FB widgets on my iPad?

Also, FB is not exactly the gold standard for.. um.. things working.

------
foobarbazetc
There's nothing wrong with that. Your testing tool just doesn't have DigiCert
installed as a trusted cert.

Use this instead: <http://www.ssllabs.com/>

------
lox
Great tool, been looking for one of these since tlsreports stopped working.

