Closed Bug 1128366 Opened 9 years ago Closed 8 years ago
Add some sub domains of kuronekoyamato.co.jp into the whitelist of non-secure TLS fallback
As far as I can access, the following sub domains are also using non-secure TLS:
https://syuhai.kuronekoyamato.co.jp/
https://takuhai-locker.kuronekoyamato.co.jp/
https://c2.kuronekoyamato.co.jp/
https://okurijyoinji.kuronekoyamato.co.jp/
https://jizen.kuronekoyamato.co.jp/
https://otodoke.kuronekoyamato.co.jp/
https://tenkyo-tenso.kuronekoyamato.co.jp/
https://auction.kuronekoyamato.co.jp/
https://tsuhanshokai.kuronekoyamato.co.jp/
https://mytoi.kuronekoyamato.co.jp/
https://repair.kuroneko-kadendr.jp/
All of them are Kuroneko-Yamato's services for personal users. So, I guess that there are other sub domains (or other domains like the last one?) for enterprise users (I cannot access the enterprise users' site). Anyway, they add a sub domain for every service. Therefore, I think that we should allow *.kuronekoyamato.co.jp and *.kuroneko-kadendr.jp. If we don't do so, they could add a new sub domain before or after we ship the behavior in release builds.
Ah, and this: https://bmypage.kuronekoyamato.co.jp/ This sub domain has a log-in page for enterprise users.
Hmm, they are "contact us" pages: https://form.kuronekoyamato.co.jp/ https://contact-us.kuronekoyamato.co.jp/
I will add them to the whitelist, but they should really fix the servers. In particular, we will have to turn off RC4 completely in the near future.
More subdomains from bug 1084025 comment #112:
https://adsearch.kuronekoyamato.co.jp/
https://bmypageapi.kuronekoyamato.co.jp/
https://docrecycle.kuronekoyamato.co.jp/
https://golfsearch.kuronekoyamato.co.jp/
https://maplink.kuronekoyamato.co.jp/
https://mobile.kuronekoyamato.co.jp/
https://mobileotodoke.kuronekoyamato.co.jp/
https://ship-book.kuronekoyamato.co.jp/
https://smp-cmypage.kuronekoyamato.co.jp/
https://uketori.kuronekoyamato.co.jp/
https://repairmb.kuroneko-kadendr.jp/
Hopefully the news about the RC4 attack when it is presented at Black Hat Asia 2015 will help.
FYI, this site was SSLv3 exclusive until December 2014.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility