Opera Mini TLS/SSL issues
-
ciblia last edited by
I ran ssllabs.com test for browser Opera Mini 11.0.1912.96480 and it tells me that the browser is vulnerable to LOGJAM, FREAK and POODLE (SSLv3) and tells me to upgrade my browser as soon as possible. However I am using the latest version from Google Play, so this seems to be serious issue with Opera Mini itself.
Another issue that it warns about is Opera Mini acccepting all mixed content. It's widely accepted behaviour to only accept images which are passive content and this is what you see with all major desktop browsers (including Opera). The test also warns about supporting insecure ciphers and not having OCSP stapling.
https://www.ssllabs.com/ssltest/viewMyClient.html
Android 4.4.4 on Samsung GT-I9305.
-
tenshin111 last edited by
Switch to "High" savings mode and test again. I see no problems here.
"Extreme" mode is the new name for Mini/OBML protocol. Testing this stuff in OBML is meaningless because Opera relies on Mini servers do to the actual work of the web browser.
-
Deleted User last edited by
I see this message
" Your user agent doesn't support TLS 1.2. You should upgrade.
The protocols supported by your user agent are old and have known vulnerabilities. You should upgrade as soon as possible." -
tenshin111 last edited by
Then you're testing the wrong thing. Mini for Android (and iOS for that matter) DOES support TLS 1.2 and doesn't contain any of the vulnerabilities mentioned in the first post.
