www.optumrx.com is TLS 1.1/1.2 intolerant and Firefox blocks it this is concerning as its the prescription sites for one of the largest healthcare companies in the United States.
They fixed it but still only supports RC4.
https://www.ssllabs.com/ssltest/analyze.html?d=optumrx.com : > Cipher Suites (sorted by strength; the server has no preference) > TLS_RSA_WITH_RC4_128_SHA (0x5) Note that TLS 1.1 and 1.2 don't appear here: > TLS version intolerance TLS 1.3 TLS 1.98 TLS 2.98 ... and that the Handshake Simulation section lists many successful TLS 1.2 connections. => This server is unlikely to be TLS 1.1/1.2 intolerant.
To be extra clear: This is another server that supports TLS 1.2 yet has its mandatory to implement cipher suite disabled. TLS_RSA_WITH_AES_128_CBC_SHA is supported by the software they're running; they've just turned it off and need to stop doing that.
RC4-only servers are ignoring MTI by definition. No TLS versions make RC4 MTI. And it had valid reason to disable everything other than RC4 until BEAST/Lucky 13/POODLE/etc. were patched.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.