Closed Bug 1137079 Opened 7 years ago Closed 7 years ago

https://whatwg.org/ Secure Connection Failed (Error code: ssl_error_no_cypher_overlap)

Categories

(Web Compatibility :: Desktop, defect)

x86_64
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kanru, Unassigned)

References

Details

https://www.ssllabs.com/ssltest/analyze.html?d=whatwg.org

Protocols
TLS 1.2  No
TLS 1.1  No
TLS 1.0  Yes
SSL 3    No	
SSL 2    No

Cipher Suites (sorted by strength; the server has no preference)
TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK		128
When does this fail exactly?

Per DreamHost this should be fixed this quarter, but I've seen no announcements thus far.
Firefox is disabling RC4 fallback in Firefox 38.
The reason I asked is that I'm on Nightly which is 39 and whatwg.org loads fine. If anything I would expect Nightly to load less than the release channel...
That is because they put these on a whitelist. See bug 1124039.
And bug 1133187
I'm also on Nightly but all subdomains of and whatwg.org I tried doesn't load. I tried two instance of Firefox Nightly..
Depends on: 1137179
Fortunately, I expect that March will be a bad month for RC4.
Looks like whatwg.org (and subdomains) negotiates TLS_DHE_RSA_WITH_AES_256_CBC_SHA now.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
No longer blocks: 1124039
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.