Closed
Bug 1128366
Opened 9 years ago
Closed 8 years ago
Add some sub domains of kuronekoyamato.co.jp into the whitelist of non-secure TLS fallback
Categories
(Web Compatibility :: Desktop, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: masayuki, Unassigned)
References
Details
As far as I can access, following sub domains are also using non-secure TLS: https://syuhai.kuronekoyamato.co.jp/ https://takuhai-locker.kuronekoyamato.co.jp/ https://c2.kuronekoyamato.co.jp/ https://okurijyoinji.kuronekoyamato.co.jp/ https://jizen.kuronekoyamato.co.jp/ https://otodoke.kuronekoyamato.co.jp/ https://tenkyo-tenso.kuronekoyamato.co.jp/ https://auction.kuronekoyamato.co.jp/ https://tsuhanshokai.kuronekoyamato.co.jp/ https://mytoi.kuronekoyamato.co.jp/ https://repair.kuroneko-kadendr.jp/ All of them are Kuroneko-Yamato's services for personal users. So, I guess that there are other sub domains (or other domains like the last one?) for enterprise users (I cannot access enterprise user's site). Anyway, they add a sub domain for every service. Therefore, I think that we should allow *.kuronekoyamato.co.jp and *.kuroneko-kadendr.jp. If we won't do so, they could add new sub domain before or after we ship the behavior in release builds.
Reporter | ||
Comment 1•9 years ago
|
||
Ah, and this: https://bmypage.kuronekoyamato.co.jp/ This sub domain has a page to log-in of enterprise users.
Reporter | ||
Comment 2•9 years ago
|
||
Hmm, they are "contact us" pages: https://form.kuronekoyamato.co.jp/ https://contact-us.kuronekoyamato.co.jp/
Comment 3•9 years ago
|
||
I will add them to whitelist, but they should really fix the servers. In particular, we will have to turn off RC4 completely in the near future.
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Updated•9 years ago
|
Comment 4•9 years ago
|
||
More subdomains from bug 1084025 comment #112: https://adsearch.kuronekoyamato.co.jp/ https://bmypageapi.kuronekoyamato.co.jp/ https://docrecycle.kuronekoyamato.co.jp/ https://golfsearch.kuronekoyamato.co.jp/ https://maplink.kuronekoyamato.co.jp/ https://mobile.kuronekoyamato.co.jp/ https://mobileotodoke.kuronekoyamato.co.jp/ https://ship-book.kuronekoyamato.co.jp/ https://smp-cmypage.kuronekoyamato.co.jp/ https://uketori.kuronekoyamato.co.jp/ https://repairmb.kuroneko-kadendr.jp/
Comment 5•9 years ago
|
||
Hopefully the news about the RC4 attack when it is presented at Black Hat Asia 2015 will help.
Comment 6•9 years ago
|
||
FYI, this site was SSLv3 exclusive until December 2014.
Assignee | ||
Updated•5 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•