Closed Bug 1138142 Opened 8 years ago Closed 8 years ago

Bank Leumi and related sites are RC4 only

Categories

(Web Compatibility :: Desktop, defect)

Product:
Web Compatibility
Component:
Desktop
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: smontagu, Unassigned)

References

(
URL
)

Details

Logging in to Bank Leumi, one of the big 3 banks in Israel, is no longer possible in Nightly builds since 2015-02-11. There is an English version of the login page at https://hb2.bankleumi.co.il/E/Login.html

The error displayed is "An error occurred during a connection to hb2.bankleumi.co.il. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)"

From inspecting other bugs I'm guessing that bug 1138101 is the right bug for this to block -- please move if something else is more appropriate.
Yep, this is an RC4 only server.

https://www.ssllabs.com/ssltest/analyze.html?d=hb2.bankleumi.co.il

Supports only TLS 1.0 or SSL3 with TLS_RSA_WITH_RC4_128_SHA & TLS_RSA_WITH_RC4_128_MD5 the only allowed ciphers. Server appears to be Microsoft-IIS/7.5.

Oddly enough, it is properly TLS version tolerant and even supports TLS_FALLBACK_SCSV.
https://www.leumi-card.co.il/ is a related site and is RC4 only as well.

https://www.ssllabs.com/ssltest/analyze.html?d=leumi-card.co.il
Summary: Logon to Bank Leumi fails with error code: ssl_error_no_cypher_overlap → Bank Leumi and related sites are RC4 only
Fixed.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.