I navigated to a website which appears to use SSL. I believe it uses SSL for the following reasons:
1.) the domain name is preceded by "https://
" instead of just "http://
2.) The login page has a "login" button with a padlock Icon on it.
I could be wrong, and am a bit confused though whether SSL is being used or not. If I right click on the web page and look at the properties dialog box it lists a bunch of information. Here is some of the information displayed:
Protocol: Hyper Text Transfer protocol with privacy
Connection: TLS 1.0.AES with 256 bit encryption (High);
ECDH_P256 with 256 bit exchange
Zone: Local Intranet| Protected mode : Off
Also their is a button on the dialog box with a "Certificates" button on it. If I press on that button another dialog box will be displayed with 3 tabs on it, "General","Details", and "Certification Path".
There are two other buttons on the dialog box. One is labeled "Install Certificate" and the other is labeled "Issuer Statement". On the General tab the following information is displayed :
Issued by: VeriSign Class 3 Secure Server CA - G3.
On the login webform for this site, when I load the web form, my username is automatically populated in the username text box, and so is my password, which is masked by black dots, which is good.
So I am confused, because if I press the F12 button in IE11, and examine the html markup, I am able to view the password which is masked on the web form.
So if this site is using SSL why is my password still visible in the HTML markup? I thought that SSL would prevent this. I thought the SSL would encrypt the password, so that it would not be visible in the markup.