Closed
Bug 1166644
Opened 9 years ago
Closed 9 years ago
secure.crbonline.gov.uk is TLS 1.1/1.2 intolerant and RC4-only
Categories
(Web Compatibility :: Site Reports, defect)
Web Compatibility
Site Reports
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: alisdairjones, Unassigned)
References
()
Details
The following website no longer loads following the disabling of insecure TLS fallback (detailed here: https://bugzilla.mozilla.org/show_bug.cgi?id=1084025): https://secure.crbonline.gov.uk/crsc/subscriber (Other sites at same domain have same issue) Regression check confirms this change broke the site access. SSLlabs report confirms only TLS 1.0 is supported, nothing better than RC4. I am in the process of trying to bring this issue to the attention of the Government Digital Service(!). In the meantime, can it please be added to the whitelist.
Reporter | ||
Updated•9 years ago
|
Blocks: TLS-Intolerance, RC4-Dependence
Component: Security → Desktop
Product: Firefox → Tech Evangelism
Summary: TLS/RC4 intolerance - secure.crbonline.gov.uk (add to whitelist) → secure.crbonline.gov.uk is TLS 1.1/1.2 intolerant and RC4-only
Version: 38 Branch → Firefox 38
Updated•9 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Unspecified → All
Hardware: Unspecified → All
Version: Firefox 38 → unspecified
Comment 2•9 years ago
|
||
I enabled older protocols in a browser with lots of config options (Opera 12.x ;)) and finally got the site to load. And it said.. "Bad request". Maybe this server isn't used at all and we can just close the bug?
Reporter | ||
Comment 3•9 years ago
|
||
It works for me on FF41.0.1 - presumably with the site on the whitelist. I can log in to the site fine without having to resort to Safari etc. In the meantime, until the GDS (who are responsible for the site) update the site security, the bug stands.
Assignee | ||
Updated•5 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•