23andme.com Secure Connection Failed: Error code: ssl_error_no_cypher_overlap

RESOLVED FIXED

Status

Tech Evangelism
Desktop
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: cpeterson, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

3 years ago
https://www.ssllabs.com/ssltest/analyze.html?d=23andme.com

Protocols
TLS 1.2         No
TLS 1.1         No
TLS 1.0         Yes
SSL 3           No
SSL 2           No

Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_RSA_WITH_RC4_128_MD5 (0x4)   WEAK		128
TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK		128
Shouldn't this rather block bug 1124039? RC4-only site and only intolerant to TLS 1.3, 1.98, 2.98.
OS: Mac OS X → All
Hardware: x86 → All
Yes.
Blocks: 1124039
No longer blocks: 1126620

Updated

3 years ago
Blocks: 1138101

Updated

3 years ago
No longer blocks: 1124039

Comment 3

3 years ago
Using 39.0a1... had to set 'security.tls.unrestricted_rc4_fallback' to 'true' for https://www.23andme.com to load

Comment 4

3 years ago
I e-mailed 23andme about this, and this is their response:

> Thank you for contacting the 23andMe Team. Other users contacted us with this same feedback
> for the Firefox browser. We appreciate you taking the time to contact us with this concern,
> and have forwarded your comments to the appropriate team. We are constantly monitoring the
> landscape of encryption protocols, including RC4 cipher protocols, as well as our security
> practices to ensure that our customer data is secure. We believe that RC4 use in the context
> of the 23andme.com web application is sufficiently mitigated to provide adequate level of
> protection for 23andMe customers at this time.

A rather disappointing response from a company that handles information as private as genetic data.

Updated

3 years ago
Fixed.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.