Closed
Bug 1138101
(RC4-Dependence)
Opened 10 years ago
Closed 8 years ago
[META] Sites that still haven't upgraded to something better than RC4
Categories
(Web Compatibility :: Site Reports, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: davemgarrett, Unassigned)
References
Details
(Keywords: site-compat)
Attachments
(4 files)
Another meta-bug to collect the growing pile of TE reports of poorly maintained servers that break when browsers try to do the right thing.
Reporter
Updated•10 years ago
See Also: → TLS-Intolerance
Reporter
Updated•10 years ago
Alias: BAD-CIPHERS → RC4-Dependence
Comment 1•10 years ago
Hubert - would it be possible to export a list of rc4 only domains from your monthly scan?
Flags: needinfo?(hkario)
Comment 2•10 years ago
I guess so, but where should I put it? It's a long list (over 4000 entries) and posts on my blog are long as it is...
Flags: needinfo?(hkario)
Comment 4•10 years ago
List of servers that support only RC4 ciphersuites when connecting using Firefox, as seen between 19th and 27th of February 2015 using Alexa top 1 million sites.
Comment 5•10 years ago
Thanks Hubert, that's really useful! I sorted the list by Alexa's ranking so it's easier to find the domains with large exposure. Here's the top10:

-rank- + -domain-
    86   clkmon.com
   565   examiner.com
   594   adultfriendfinder.com
   641   priceline.com
   817   magentocommerce.com
  1021   aa.com
  1386   sprint.com
  1405   orbitz.com
  1407   name.com
  1470   fandango.com
Comment 6•10 years ago
Servers which support only RC4, as seen 16th and 27th of March 2015 using Alexa top 1 million sites.
Comment 7•10 years ago
The attached list are sites broken in Fx39. They connect on either TLS 1.1 or TLS 1.2, using the RC4 cipher. Note that there are some high-profile sites in there (starbucks.com, for example) so it would be worthwhile for an evangelist to triage this list.

(A similar list of sites that only connect via TLS 1.0 is attached to bug 1124039.)

These were obtained by running the Pulse top 200k site list against Fx39.0a2. Let me know if you'd like me to run Fx39 against the Google CT site list of around 3 million sites.
Comment 8•10 years ago
(In reply to Matt Wobensmith from comment #7)
> The attached list are sites broken in Fx39. They connect on either TLS 1.1
> or TLS 1.2, using the RC4 cipher. Note that there are some high-profile
> sites in there (starbucks.com, for example) so it would be worthwhile for an
> evangelist to triage this list.

Thanks Matt! FWIW, I have already contacted several of the sites in this list (mostly things I consider "high importance" such as banks, universities, government websites etc, but others as well), so if someone wants to coordinate, please feel free.

> These were obtained by running the Pulse top 200k site list against
> Fx39.0a2. Let me know if you'd like me to run Fx39 against the Google CT
> site list of around 3 million sites.

I think it might be nice to do this at least once to discover more sites that aren't popular, but are still of "high importance". But I defer to the judgement of others.
Comment 9•10 years ago
A new Webcompat issue
https://webcompat.com/issues/997
https://www.ssllabs.com/ssltest/analyze.html?d=commerce.cashnet.com&latest
Comment 10•10 years ago
(In reply to Karl Dubost :karlcow from comment #9)
> A new Webcompat issue
> https://webcompat.com/issues/997
> https://www.ssllabs.com/ssltest/analyze.html?d=commerce.cashnet.com&latest

I filed Bug 1164009.
Comment 11•8 years ago
All dependencies are fixed.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Assignee
Updated•6 years ago
Product: Tech Evangelism → Web Compatibility