Opera Mini TLS/SSL issues

  • I ran ssllabs.com test for browser Opera Mini 11.0.1912.96480 and it tells me that the browser is vulnerable to LOGJAM, FREAK and POODLE (SSLv3) and tells me to upgrade my browser as soon as possible. However I am using the latest version from Google Play, so this seems to be serious issue with Opera Mini itself.

    Another issue that it warns about is Opera Mini acccepting all mixed content. It's widely accepted behaviour to only accept images which are passive content and this is what you see with all major desktop browsers (including Opera). The test also warns about supporting insecure ciphers and not having OCSP stapling.

    https://www.ssllabs.com/ssltest/viewMyClient.html

    Android 4.4.4 on Samsung GT-I9305.

  • Switch to "High" savings mode and test again. I see no problems here.

    "Extreme" mode is the new name for Mini/OBML protocol. Testing this stuff in OBML is meaningless because Opera relies on Mini servers do to the actual work of the web browser.

  • I see this message
    " Your user agent doesn't support TLS 1.2. You should upgrade.
    The protocols supported by your user agent are old and have known vulnerabilities. You should upgrade as soon as possible."

  • Then you're testing the wrong thing. Mini for Android (and iOS for that matter) DOES support TLS 1.2 and doesn't contain any of the vulnerabilities mentioned in the first post.

Log in to reply
 

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.