Closed Bug 1095507 Opened 11 years ago Closed 10 years ago

Cannot enter on Kredobank online banking page (www.kredodirect.com.ua), when TLS non-secure fallback is disabled

Categories

(Web Compatibility :: Site Reports, defect)

Product:
Web Compatibility
Component:
Site Reports
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: unghost, Unassigned)

References

(
URL
)

Details

(Keywords: regression, Whiteboard: [country-ua] [ssl] [contactready])

Steps to reproduce: go to https://www.kredodirect.com.ua/ Actual results: An error occurred during a connection to www.kredodirect.com.ua. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap) Expected results: Show web-page of bank
Kredobank's twitter is https://twitter.com/Kredobank_ua
URL: https://www.kredodirect.com.ua/
Summary: Cannot enter on www.kredodirect.com.ua bank when SSLv3 is disabled → Cannot enter on Kredobank online banking page (www.kredodirect.com.ua), when SSLv3 is disabled
Whiteboard: [country-ua] [ssl] → [country-ua] [ssl] [contactready]
This site is also TLS intolerant.
Blocks: 1084025
Summary: Cannot enter on Kredobank online banking page (www.kredodirect.com.ua), when SSLv3 is disabled → Cannot enter on Kredobank online banking page (www.kredodirect.com.ua), when SSLv3 or TLS non-secure fallback is disabled
https://www.ssllabs.com/ssltest/analyze.html?d=www.kredodirect.com.ua Server is SSL3 only & 3DES only. It's insecure and incompatible with about half of the clients listed in SSL Labs' test.
Now uses TLS 1.0, but still is TLS version intolerant.
Summary: Cannot enter on Kredobank online banking page (www.kredodirect.com.ua), when SSLv3 or TLS non-secure fallback is disabled → Cannot enter on Kredobank online banking page (www.kredodirect.com.ua), when TLS non-secure fallback is disabled
Blocks: 1084025
No longer blocks: POODLEBITE
Blocks: TLS-Intolerance
Minor mass change for dependencies of bug 1126620. (filter on {bf0YGqIfJDgVDlKn3zYc}) As of bug 1114816, these sites are now whitelisted to allow for insecure fallback due to TLS version intolerance. Whilst these sites should now work with the patch applied, these bugs themselves are not actually FIXED until the server is. Moving all of these into the TE product for tracking.
Version: unspecified → Trunk
No longer blocks: 1084025
This appears to be fixed.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.