Closed Bug 1133940 Opened 5 years ago Closed 4 years ago

ssl.safaribooksonline.com only supports TLS 1.0 and RC4

Categories

(Web Compatibility :: Desktop, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: keeler, Unassigned)

References

()

Details

https://www.ssllabs.com/ssltest/analyze.html?d=ssl.safaribooksonline.com

Protocols
TLS 1.2 	No
TLS 1.1 	No
TLS 1.0 	Yes
SSL 3 	No	
SSL 2 	No

Cipher Suites (sorted by strength; the server has no preference)
TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK		128

Also, it appears to support the insecure client-initiated renegotiation (i.e. MITM is possible).
No longer depends on: 1042380
No longer blocks: 1124039
I e-mailed Safari about this, and I got the following response from a member of their Technical Support:

> Our engineers are currently preparing for the switch to supporting the AES-256 cipher and we hope
> to have this ready sometime next month. Thank you for taking the time to let us know about this,
> I was unaware of the planned deprecation of RC4 in Firefox 39 but fortunately we should be ahead
> of that release.

Sounds like a decent plan!
TLS 1.0 through TLS 1.2 and modern cipher suites are all supported now.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.