Closed Bug 1109373 Opened 6 years ago Closed 5 years ago

Some Turkish government sites uses old TLS implementation

Categories

(Web Compatibility :: Desktop, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: yuhongbao_386, Unassigned)

References

()

Details

Some Turkish government sites uses a TLS implementation that has bug 946147, meaning it pays attention to only one byte of the ciphersuite list provided in the ClientHello. Given that the sites also support insecure renegotiation and only supports 3DES and RC4 ciphersuites, it is likely that the TLS implementation is old and should be upgraded:
https://www.ssllabs.com/ssltest/analyze.html?d=https://www.uyap.gov.tr
https://www.ssllabs.com/ssltest/analyze.html?d=avukat.uyap.gov.tr
Status: UNCONFIRMED → NEW
Ever confirmed: true
Interestingly, this bug also cause problems with Googlebot.
https://avukat.uyap.gov.tr/avukat/index.jsp has been fixed.
And https://www.uyap.gov.tr has been fixed too.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.