This is a migrated thread and some comments may be shown as answers.

Fiddler vulnerable to CVE-2020-0601 (CurveBall) Vulnerability

T asked on 09 Jun 2020, 07:56 AM

You can test it here yourself: https://www.ssllabs.com/ssltest/viewMyClient.html
Just enable Fiddler and allow the certificates... see the image below for details.

This makes automatically ignoring cert errors highly dangerous.

https://www.forbes.com/sites/daveywinder/2020/01/17/windows-10-security-alert-as-alarming-curveball-threat-just-got-very-real-indeed/#64b3292230d8

Please add an automatic revoke of bad certs when errors pop up; it's really annoying having to knock them out one by one. It should be an automated process with such a streamlined program designed for maximum efficiency and productivity.

1 Answer, 1 is accepted

Nick Iliev
Telerik team
answered on 10 Jun 2020, 05:59 AM

Hello T C,

 

Thank you for your feedback. While testing with the latest Chrome browser and Fiddler capturing, I am not able to reproduce the issue, and there is no vulnerability on my side.

Your user agent is not vulnerable.
For more information about the CVE-2020-0601 (CurveBall) Vulnerability, please go to CVE-2020-0601.
To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site.

Note that using the "Ignore server certificate errors" option from the settings is considered unsafe (and is actually marked as unsafe), and when this option is activated via the UI it becomes red to underline the danger of this action. Each certificate error should be handled by the developer, and Fiddler is just providing an option to overcome a temporary issue, but the responsibility lies with the one who is actually testing the case.

Regards,
Nick Iliev
Progress Telerik
