Closed Bug 1133940 Opened 9 years ago Closed 9 years ago

ssl.safaribooksonline.com only supports TLS 1.0 and RC4

Categories

(Web Compatibility :: Site Reports, defect)

Product:
Web Compatibility
Component:
Site Reports
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: keeler, Unassigned)

References

(
URL
)

Details

https://www.ssllabs.com/ssltest/analyze.html?d=ssl.safaribooksonline.com

Protocols
TLS 1.2 	No
TLS 1.1 	No
TLS 1.0 	Yes
SSL 3 	No	
SSL 2 	No

Cipher Suites (sorted by strength; the server has no preference)
TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK		128

Also, it appears to support the insecure client-initiated renegotiation (i.e. MITM is possible).
No longer depends on: 1042380
Blocks: RC4-Dependence
No longer blocks: 1124039
I e-mailed Safari about this, and I got the following response from a member of their Technical Support:

> Our engineers are currently preparing for the switch to supporting the AES-256 cipher and we hope
> to have this ready sometime next month. Thank you for taking the time to let us know about this,
> I was unaware of the planned deprecation of RC4 in Firefox 39 but fortunately we should be ahead
> of that release.

Sounds like a decent plan!
URL: https://ssl.safaribooksonline.com
TLS 1.0 through TLS 1.2 and modern cipher suites are all supported now.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.