www.optumrx.com is RC4 only

RESOLVED FIXED

Status

Tech Evangelism
Desktop
--
major
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: bkerensa, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

3 years ago
www.optumrx.com is TLS 1.1/1.2 intolerant and Firefox blocks it this is concerning as its the prescription sites for one of the largest healthcare companies in the United States.
(Reporter)

Updated

3 years ago
Blocks: 1126620

Comment 1

3 years ago
They fixed it but still only supports RC4.
(Reporter)

Updated

3 years ago
Blocks: 1138101

Comment 2

3 years ago
https://www.ssllabs.com/ssltest/analyze.html?d=optumrx.com :
> Cipher Suites (sorted by strength; the server has no preference)
> TLS_RSA_WITH_RC4_128_SHA (0x5)

Note that TLS 1.1 and 1.2 don't appear here:
> TLS version intolerance 	TLS 1.3  TLS 1.98  TLS 2.98
... and that the Handshake Simulation section lists many successful TLS 1.2 connections.

=> This server is unlikely to be TLS 1.1/1.2 intolerant.
No longer blocks: 1126620
OS: Mac OS X → All
Hardware: x86 → All
Summary: www.optumrx.com is TLS 1.1/1.2 intolerant → www.optumrx.com is RC4 only

Comment 3

3 years ago
To be extra clear: This is another server that supports TLS 1.2 yet has its mandatory to implement cipher suite disabled. TLS_RSA_WITH_AES_128_CBC_SHA is supported by the software they're running; they've just turned it off and need to stop doing that.
RC4-only servers are ignoring MTI by definition. No TLS versions make RC4 MTI. And it had valid reason to disable everything other than RC4 until BEAST/Lucky 13/POODLE/etc. were patched.
Fixed.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.