1150190 - https://identity.virginmedia.com/ uses RC4 and is not treated as secure by Firefox

Status: RESOLVED DUPLICATE of bug 1129887

(Web Compatibility :: Site Reports, defect)

Description

[Nigel]

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20150320202338

Steps to reproduce:

Go to www.virginmedia.com

Take the email option and go to https://identity.virginmedia.com/


Actual results:

Firefox reported that the websites identity could not be verified




Expected results:

Firefox should have shown the sites identity and the site identity button should have gone green.

Validated this should happen with IE11 and Chrome.  It used to be that on an older version of Firefox.  Tried Firefox with a new clean profile

Comment 1

[:Gijs (he/him)]

The website uses an outdated cypher, and that's why it's not showing up as secure. They should reconfigure their server. See also:

https://www.ssllabs.com/ssltest/analyze.html?d=identity.virginmedia.com

for an independent analysis of the site. I'm a Virgin media customer, so I can see if I can contact them about this.

Comment 2

[:Gijs (he/him)]

Left a message on the pre-existing forum topic about this: http://community.virginmedia.com/t5/Internet-Security/Please-fix-your-insecure-server/td-p/2785747/highlight/false .

I was unable to find a more direct way of reporting this to them. It seems they've been aware of this for a while now with no response so far.

Comment 3

[:Cykesiopka]

(The summary there is currently a bit misleading, but this is basically a dupe of Bug 1129887).