Closed Bug 1136376 Opened 9 years ago Closed 9 years ago

23andme.com Secure Connection Failed: Error code: ssl_error_no_cypher_overlap

Categories

(Web Compatibility :: Site Reports, defect)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: cpeterson, Unassigned)

https://www.ssllabs.com/ssltest/analyze.html?d=23andme.com

Protocols
TLS 1.2         No
TLS 1.1         No
TLS 1.0         Yes
SSL 3           No
SSL 2           No

Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_RSA_WITH_RC4_128_MD5 (0x4)   WEAK		128
TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK		128
Shouldn't this rather block bug 1124039? RC4-only site and only intolerant to TLS 1.3, 1.98, 2.98.
OS: Mac OS X → All
Hardware: x86 → All
Yes.
Blocks: 1124039
No longer blocks: TLS-Intolerance
No longer blocks: 1124039
Using 39.0a1... had to set 'security.tls.unrestricted_rc4_fallback' to 'true' for https://www.23andme.com to load
I e-mailed 23andme about this, and this is their response:

> Thank you for contacting the 23andMe Team. Other users contacted us with this same feedback
> for the Firefox browser. We appreciate you taking the time to contact us with this concern,
> and have forwarded your comments to the appropriate team. We are constantly monitoring the
> landscape of encryption protocols, including RC4 cipher protocols, as well as our security
> practices to ensure that our customer data is secure. We believe that RC4 use in the context
> of the 23andme.com web application is sufficiently mitigated to provide an adequate level of
> protection for 23andMe customers at this time.

A rather disappointing response from a company that handles information as private as genetic data.
Fixed.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility