Closed Bug 1138101 (RC4-Dependence) Opened 8 years ago Closed 6 years ago
[META] Sites that still haven't upgraded to something better than RC4
Another meta-bug to collect the growing pile of TE reports of poorly maintained servers that break when browsers try to do the right thing.
Depends on: 1139065
Depends on: 1139563
Hubert - would it be possible to export a list of rc4 only domains from your monthly scan?
I guess so, but where should I put it? It's a long list (over 4000 entries) and posts on my blog are long as it is...
I think a simple list of domains attached to this bug would work great.
list of servers that support only RC4 ciphersuites when connection using Firefox, as seen between 19th and 27th of February 2015 using Alexa top 1 million sites.
Thanks Hubert, that's really useful! I sorted the list by Alexa's ranking so it's easier to find the domains with large exposure. Here's the top10: -rank- + -domain- 86 clkmon.com 565 examiner.com 594 adultfriendfinder.com 641 priceline.com 817 magentocommerce.com 1021 aa.com 1386 sprint.com 1405 orbitz.com 1407 name.com 1470 fandango.com
Depends on: 1143031
Servers which support only RC4, as seen 16th and 27th of March 2015 using Alexa top 1 million sites.
Depends on: 1151990
The attached list are sites broken in Fx39. They connect on either TLS 1.1 or TLS 1.2, using the RC4 cipher. Note that there are some high-profile sites in there (starbucks.com, for example) so it would be worthwhile for an evangelist to triage this list. (A similar list of sites that only connect via TLS 1.0 is attached to bug 1124039.) These were obtained by running the Pulse top 200k site list against Fx39.0a2. Let me know if you'd like me to run Fx39 against the Google CT site list of around 3 million sites.
(In reply to Matt Wobensmith from comment #7) > The attached list are sites broken in Fx39. They connect on either TLS 1.1 > or TLS 1.2, using the RC4 cipher. Note that there are some high-profile > sites in there (starbucks.com, for example) so it would be worthwhile for an > evangelist to triage this list. Thanks Matt! FWIW, I have already contacted several of the sites in this list (mostly things I consider "high importance" such as banks, universities, government websites etc, but others as well), so if someone wants to coordinate, please feel free. > These were obtained by running the Pulse top 200k site list against > Fx39.0a2. Let me know if you'd like me to run Fx39 against the Google CT > site list of around 3 million sites. I think it might be nice to do this at least once to discover more sites that aren't popular, but are still of "high importance". But I defer to the judgement of others.
(In reply to Karl Dubost :karlcow from comment #9) > A new Webcompat issue > https://webcompat.com/issues/997 > https://www.ssllabs.com/ssltest/analyze.html?d=commerce.cashnet.com&latest I filed Bug 1164009.
Depends on: 1165400
Depends on: 1185080
Depends on: 1216927
All dependencies are fixed.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.