1139782 - ncsoft.com and some other NCSOFT related domains are RC4 only

Status: RESOLVED FIXED

(Web Compatibility :: Site Reports, defect)

Description

[:Cykesiopka]

https://www.ssllabs.com/ssltest/analyze.html?d=ncsoft.com :
https://www.ssllabs.com/ssltest/analyze.html?d=secure.ncsoft.com :
> Cipher Suites (sorted by strength; the server has no preference)
> TLS_RSA_WITH_RC4_128_SHA (0x5)

> Long handshake intolerance 	Yes+

Some example NCSoft properties/hosted websites that have similar configurations:
https://www.ssllabs.com/ssltest/analyze.html?d=shop.wildstar-online.com :
> Server hostname 	64.25.35-241.ncsoft.com
https://www.ssllabs.com/ssltest/analyze.html?d=na.aiononline.com:
> Server hostname 	64.25.35-242.ncsoft.com

Comment 1

[Masatoshi Kimura [:emk]]

ncsoft.com and www.ncsoft.com "works" for me. They display overridable cert error, but at least Firefox does not fail to connect them.

Comment 2

[:Cykesiopka]

(In reply to Masatoshi Kimura [:emk] from comment #1)
> ncsoft.com and www.ncsoft.com "works" for me. They display overridable cert
> error, but at least Firefox does not fail to connect them.

Odd, I still get ssl_error_no_cypher_overlap on Aurora 38 and a recent local m-i build...
I'm currently in North America - maybe it's regional?

Comment 3

[Masatoshi Kimura [:emk]]

Hm, the DNS lookup returned a different answer between my local DNS cache and Google Public DNS.

>nslookup www.ncsoft.com
Server:  UnKnown
Address:  fe80::1

Non-authoritative answer:
Name:    www.ncsoft.com
Address:  106.186.66.199

>nslookup www.ncsoft.com 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    www.ncsoft.com
Address:  64.25.35.120

I could reproduce ssl_error_no_cypher_overlap by adding the latter address to the hosts file.

Comment 4

[Masatoshi Kimura [:emk]]

na.aiononline.com, secure.ncsoft.com, and shop.wildstar-online.com are fixed. www.ncsoft.com (64.25.35.120) no longer provides secure connections.