- Importing the cert below (settings > security&privacy > certificates) fixes the problem:
https://www.amazontrust.com/repository/SFSRootCAG2.pem
Posted via CB10
Posted via CB1007-26-16 08:52 AMLike 0 - This is the kind of stuff that started happening on my six month old Passport so I bought a PRIV. I don't think enough support is there for BB10 anymore hence the delays in 10.3.3. Seriously doubt whether 10.3.4 will ever happen. I feel they're just buying time until Android 7 Nougat. They've already made claim that it can be secured like BB10. Either way, I'm forced to move to Android or IOS. At least BerryDroid gives me some BB10 features.
Posted via the CrackBerry App for AndroidRPM_KW likes this.07-28-16 09:53 AMLike 1 -
LeapSTR100-2/10.3.2.287607-28-16 02:35 PMLike 2 -
-
Posted via the CrackBerry App for Android07-28-16 04:42 PMLike 0 - CrackBerry is this not one of the very issues that could be forwarded to BlackBerry by you? Would it not be possible to get some feedback on numbers to validate it's significance as a browser issue that requires a fix? This is something that used to be done as one of the special facets of the CrackBerry/BlackBerry relationship. Is that door no longer open? It is in BlackBerry's interest to demonstrate commitment to continue to support BB10 users...
Posted via CB1007-28-16 10:25 PMLike 0 - CrackBerry is this not one of the very issues that could be forwarded to BlackBerry by you? Would it not be possible to get some feedback on numbers to validate it's significance as a browser issue that requires a fix? This is something that used to be done as one of the special facets of the CrackBerry/BlackBerry relationship. Is that door no longer open? It is in BlackBerry's interest to demonstrate commitment to continue to support BB10 users...
Posted via CB10
Posted via the CrackBerry App for AndroidTroy Tiscareno likes this.07-29-16 11:48 AMLike 1 - I think Blackberry's true commitment is to Android going forward. Any commitment to BB10 is only to large enterprise clients and they are supporting those clients by moving to software based solutions for Android, IOS with BB10 conspicuously absent.
Posted via the CrackBerry App for Android
Took me awhile to accept that. I do now.
Posted via CB10 on my ClassicSQC100-1/10.3.2.287607-30-16 05:25 AMLike 0 -
-
So if your browser is paying attention to everything in the TLS handshaking, and does not accept the certificate because something is missconfigured then it is relatively easy to cause problems for such a browser. The questiion is, do you want your browser to indicate that there is an irregularity and, if it is serious enough, not accept the connection, or do you want it to shrug (figuratively) and carry on? After all, what could go wrong? You do have to remember that BlackBerry cryptography software comes from Certicom. Most other browsers use cryptography derrived from OpenSSL, the people who brought you HeartBleed.
Update:
The full URLs you are talking about with BlackBerry help are not fully readable. However I have browsed to https://reddit/r/blackberry/ without problems, and there are no certificate irregularities. Based on how HTTPS works I don't think any pages under /r/blackberry would have certificate based issues.Last edited by Richard Buckley; 08-21-16 at 10:12 AM.
08-20-16 06:23 PMLike 0 -
- 08-20-16 11:32 PMLike 0
-
-
One instance of the first example is the depreciation of the SHA1 signature algorithm in certificates. The official deadline for this is January 1 2017, although some companies are trying to push this up. However when the community agrees on an implementation date for deprecating something and a few individuals decide to go early, those individuals are the bad guys.
The key store in BB10 does still have many CA certificates that are signed using SHA1-RSA. It also has many that are signed with SHA2 hashes. This is probably a reflection of who had their Root CA Certificates updated prior to the last BB10 update. If 10.3.3 doesn't have any CA updates, or it comes after January 1, 2017 BB10 will be out of date. I just checked my Firefox certificate store, it still has CA certificates signed with SHA1 as well.
An instance of the second example would be the EFF's CA for let's encrypt. Acceptance of new CA's takes a lot of time and work. Firefox has just agreed to add the Let's Encrypt CA. As far as I know they are the only ones so far. The BlackBerry browser won't load Let's Encrypt secured sites without intervention. This not just because BB10 doesn't have their new CA, but also because BB10 doesn't trust the existing CA the EFF chose to cross sign with. Each browser provider has to choose which Root CAs ti include. This is a balance of security (since not all CAs are equally trustworthy) and convenience (users not having to take special action). BlackBerry, at least with BBOS and BB10 has set the security bar higher. This is one of the reasons I prefer BB10 over other mobile devices. I'm willing to accept that I will have to occasionally decided if I want to override the browser to see a site. I consider this a security feature. If you don't, then that is a reason to consider one of the other OSs or browsers available.
LeapSTR100-2/10.3.2.2876Supa_Fly1 likes this.08-21-16 09:04 AMLike 1 -
LeapSTR100-2/10.3.2.287608-21-16 12:57 PMLike 0 -
So BlackBerry's not to blame here.
Posted via CB10 using my amazing BlackBerry Passport (OG Red)08-21-16 04:42 PMLike 0 - The only way certificates on a system can be outdated is if there is a big change in the cryptographic basis of the certificate standards, or if a new CA becomes popular.
One instance of the first example is the depreciation of the SHA1 signature algorithm in certificates. The official deadline for this is January 1 2017, although some companies are trying to push this up. However when the community agrees on an implementation date for deprecating something and a few individuals decide to go early, those individuals are the bad guys.
The key store in BB10 does still have many CA certificates that are signed using SHA1-RSA. It also has many that are signed with SHA2 hashes. This is probably a reflection of who had their Root CA Certificates updated prior to the last BB10 update. If 10.3.3 doesn't have any CA updates, or it comes after January 1, 2017 BB10 will be out of date. I just checked my Firefox certificate store, it still has CA certificates signed with SHA1 as well.
An instance of the second example would be the EFF's CA for let's encrypt. Acceptance of new CA's takes a lot of time and work. Firefox has just agreed to add the Let's Encrypt CA. As far as I know they are the only ones so far. The BlackBerry browser won't load Let's Encrypt secured sites without intervention. This not just because BB10 doesn't have their new CA, but also because BB10 doesn't trust the existing CA the EFF chose to cross sign with. Each browser provider has to choose which Root CAs ti include. This is a balance of security (since not all CAs are equally trustworthy) and convenience (users not having to take special action). BlackBerry, at least with BBOS and BB10 has set the security bar higher. This is one of the reasons I prefer BB10 over other mobile devices. I'm willing to accept that I will have to occasionally decided if I want to override the browser to see a site. I consider this a security feature. If you don't, then that is a reason to consider one of the other OSs or browsers available.
LeapSTR100-2/10.3.2.2876
Thank you greatly for this explanation!
I'm curious, then why this ONLY occurs on the Passport, Classic, and Z30, not the Z10 ... and I see this jumping on the same exact WiFi AP and SSID. which I'm confused about.08-23-16 06:24 PMLike 0 - Well that is hardly enough information to start diagnosing the issue. Does the access point do deep packet inspection?08-23-16 08:15 PMLike 0
- I've been getting these too -- for legit websites.
Easiest workaround was to install firefox mobile, use the website, and then uninstall.08-24-16 11:30 AMLike 0 - The only way certificates on a system can be outdated is if there is a big change in the cryptographic basis of the certificate standards, or if a new CA becomes popular.
One instance of the first example is the depreciation of the SHA1 signature algorithm in certificates. The official deadline for this is January 1 2017, although some companies are trying to push this up. However when the community agrees on an implementation date for deprecating something and a few individuals decide to go early, those individuals are the bad guys.
The key store in BB10 does still have many CA certificates that are signed using SHA1-RSA. It also has many that are signed with SHA2 hashes. This is probably a reflection of who had their Root CA Certificates updated prior to the last BB10 update. If 10.3.3 doesn't have any CA updates, or it comes after January 1, 2017 BB10 will be out of date. I just checked my Firefox certificate store, it still has CA certificates signed with SHA1 as well.
An instance of the second example would be the EFF's CA for let's encrypt. Acceptance of new CA's takes a lot of time and work. Firefox has just agreed to add the Let's Encrypt CA. As far as I know they are the only ones so far. The BlackBerry browser won't load Let's Encrypt secured sites without intervention. This not just because BB10 doesn't have their new CA, but also because BB10 doesn't trust the existing CA the EFF chose to cross sign with. Each browser provider has to choose which Root CAs ti include. This is a balance of security (since not all CAs are equally trustworthy) and convenience (users not having to take special action). BlackBerry, at least with BBOS and BB10 has set the security bar higher. This is one of the reasons I prefer BB10 over other mobile devices. I'm willing to accept that I will have to occasionally decided if I want to override the browser to see a site. I consider this a security feature. If you don't, then that is a reason to consider one of the other OSs or browsers available.
LeapSTR100-2/10.3.2.2876
Posted via CB1008-24-16 12:52 PMLike 0
- Forum
- BlackBerry 10 Phones & OS
- BlackBerry 10 OS
BlackBerry 10 browser issue "Site Blocked"
« BlackBerry World will close on 12/31/2019. Can we use the apps we bought after that??
|
Decrypt sd card on bb10 »
Similar Threads
-
(Leaked)BlackBerry next two smartphones
By Tony Morfin in forum BlackBerry KEYoneReplies: 10Last Post: 05-01-16, 12:27 AM -
What happened to the Skype App on BlackBerry World?
By CrackBerry Question in forum Ask a QuestionReplies: 6Last Post: 04-30-16, 08:29 PM -
BlackBerry Passport Android System completely crashed, any fixes for this?
By CrackBerry Question in forum BlackBerry PassportReplies: 6Last Post: 04-28-16, 03:41 PM -
An honest BlackBerry Priv review
By FishhPoohh in forum BlackBerry PrivReplies: 6Last Post: 04-28-16, 09:25 AM -
How to install Google maps in BlackBerry q10
By Saransh Walia in forum Ask a QuestionReplies: 3Last Post: 04-28-16, 05:55 AM
LINK TO POST COPIED TO CLIPBOARD