Some time back I posted questions concerning comparing a website's certificate fingerprint to the value obtained using GRC's tool. I've been using that for a few accounts, and the occasional mismatches were always from a renewed certificate. Lately quite a few of those same sites have been coming up mismatched and not from renewed certificates; I always check GRC for that. Not being sure what was going on, I posed the question to ChatGPT, asking about fingerprints and man in the middle attacks. Out of the reply it mentioned using SSL checker (SSLShopper com) to check certificates.
I tried a couple of my mismatches on SSLS and everything checks out OK. I am assuming that is correct since I think it unlikely that many of my sites have suddenly fallen to man in the middle attacks. Is anyone familiar with or has used SSLShopper? I am still exploring the services there. Out of curiosity I put GRC com in the searchbox of SSLTest and after a while it came up with an overall rating of "B" due to protocol support and key exchange. What was interesting is that GRC's fingerprint from GRC's checker did not match the output on SSLTest.
With all that said, adding I still don't fully understand things, I have a couple questions concerning how to tell if I am on an actual connection to a website or if there is a man in the middle intercepting comms.
I use Firefox almost exclusively and check it and add-ons for updates daily. Can I trust Firefox to notify me of MITM attacks? Some time back someone mentioned I should stop checking fingerprints since they are being deprecated. If that's the case, is there another way to detect a MITM? Could SSLLabs com detect a MITM? Is it as simple as looking for the lock symbol in the address bar.... that just seems too easy to trust.
Any links, documents or thoughts would be appreciated. As a final note I tried Nationwide.com in SSLLabs com, one of the 'problem' sites. It showed 2 servers both with A+ ratings even though checking fingerprints don't match. When checking on GRC it gets:
One or more errors were encountered when querying:
nationwide.com
- The SSL/TLS security certificate obtained from the remote server was invalid. The trouble was severe enough that we were unable to obtain the certificate's common name and/or fingerprint. There is a server answering on the HTTPS port 443 of the IP address associated with the domain name you supplied (shown above). But the server may be answering HTTPS as if it was HTTP and returning a web page rather than a proper SSL/TLS setup handshake. (We have encountered this behavior.)