Closed Bug 1136376 Opened 10 years ago Closed 10 years ago

23andme.com Secure Connection Failed: Error code: ssl_error_no_cypher_overlap

Categories

(Web Compatibility :: Site Reports, defect)

Product:
Web Compatibility
Component:
Site Reports
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: cpeterson, Unassigned)

References

(
URL
)

Details

https://www.ssllabs.com/ssltest/analyze.html?d=23andme.com Protocols TLS 1.2 No TLS 1.1 No TLS 1.0 Yes SSL 3 No SSL 2 No Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end) TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK 128 TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128
Shouldn't this rather block bug 1124039? RC4-only site and only intolerant to TLS 1.3, 1.98, 2.98.
OS: Mac OS X → All
Hardware: x86 → All
Yes.
Blocks: 1124039
No longer blocks: TLS-Intolerance
Blocks: RC4-Dependence
No longer blocks: 1124039
Using 39.0a1... had to set 'security.tls.unrestricted_rc4_fallback' to 'true' for https://www.23andme.com to load
I e-mailed 23andme about this, and this is their response: > Thank you for contacting the 23andMe Team. Other users contacted us with this same feedback > for the Firefox browser. We appreciate you taking the time to contact us with this concern, > and have forwarded your comments to the appropriate team. We are constantly monitoring the > landscape of encryption protocols, including RC4 cipher protocols, as well as our security > practices to ensure that our customer data is secure. We believe that RC4 use in the context > of the 23andme.com web application is sufficiently mitigated to provide adequate level of > protection for 23andMe customers at this time. A rather disappointing response from a company that handles information as private as genetic data.
Fixed.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.