Closed
Bug 1128366
Opened 10 years ago
Closed 10 years ago
Add some sub domains of kuronekoyamato.co.jp into the whitelist of non-secure TLS fallback
Categories
(Web Compatibility :: Site Reports, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: masayuki, Unassigned)
References
Details
As far as I can access, following sub domains are also using non-secure TLS:
https://syuhai.kuronekoyamato.co.jp/
https://takuhai-locker.kuronekoyamato.co.jp/
https://c2.kuronekoyamato.co.jp/
https://okurijyoinji.kuronekoyamato.co.jp/
https://jizen.kuronekoyamato.co.jp/
https://otodoke.kuronekoyamato.co.jp/
https://tenkyo-tenso.kuronekoyamato.co.jp/
https://auction.kuronekoyamato.co.jp/
https://tsuhanshokai.kuronekoyamato.co.jp/
https://mytoi.kuronekoyamato.co.jp/
https://repair.kuroneko-kadendr.jp/
All of them are Kuroneko-Yamato's services for personal users. So, I guess that there are other sub domains (or other domains like the last one?) for enterprise users (I cannot access enterprise user's site).
Anyway, they add a sub domain for every service. Therefore, I think that we should allow *.kuronekoyamato.co.jp and *.kuroneko-kadendr.jp. If we won't do so, they could add new sub domain before or after we ship the behavior in release builds.
|
Reporter | |
Comment 1•10 years ago
|
||
Ah, and this:
https://bmypage.kuronekoyamato.co.jp/
This sub domain has a page to log-in of enterprise users.
|
|
Reporter | |
Comment 2•10 years ago
|
||
Hmm, they are "contact us" pages:
https://form.kuronekoyamato.co.jp/
https://contact-us.kuronekoyamato.co.jp/
|
||
Comment 3•10 years ago
|
||
I will add them to whitelist, but they should really fix the servers. In particular, we will have to turn off RC4 completely in the near future.
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
|
|
||
Updated•10 years ago
|
|
|
||
Comment 4•10 years ago
|
||
More subdomains from bug 1084025 comment #112:
https://adsearch.kuronekoyamato.co.jp/
https://bmypageapi.kuronekoyamato.co.jp/
https://docrecycle.kuronekoyamato.co.jp/
https://golfsearch.kuronekoyamato.co.jp/
https://maplink.kuronekoyamato.co.jp/
https://mobile.kuronekoyamato.co.jp/
https://mobileotodoke.kuronekoyamato.co.jp/
https://ship-book.kuronekoyamato.co.jp/
https://smp-cmypage.kuronekoyamato.co.jp/
https://uketori.kuronekoyamato.co.jp/
https://repairmb.kuroneko-kadendr.jp/
|
||
Comment 5•10 years ago
|
||
Hopefully the news about the RC4 attack when it is presented at Black Hat Asia 2015 will help.
|
|
||
Comment 6•10 years ago
|
||
FYI, this site was SSLv3 exclusive until December 2014.
|
Assignee | |
Updated•6 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•