Closed
Bug 1142703
Opened 9 years ago
Closed 9 years ago
www.usairways.com is RC4 only
Categories
(Web Compatibility :: Site Reports, defect)
Web Compatibility
Site Reports
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jvehent, Unassigned)
References
()
Details
(Whiteboard: [sitewait])
$ ./cipherscan www.usairways.com .. Target: www.usairways.com:443 prio ciphersuite protocols pfs_keysize 1 RC4-SHA TLSv1,TLSv1.1,TLSv1.2 Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature TLS ticket lifetime hint: 7200 OCSP stapling: not supported Server side cipher ordering
|
||
Comment 1•9 years ago
|
||
Right now I can load https://www.usairways.com/ just fine (and it redirects to a non-SSL site), but I can't load https://checkin.usairways.com/ if I have security.tls.unrestricted_rc4_fallback set to false. So they might have fixed their main www. SSL server [or else I'd be blocked when trying to load the https://www. URL], but https://checkin.usairways.com/ is definitely still RC4-only.
|
|
||
Comment 2•9 years ago
|
||
(Scratch that, I can't load https://www.usairways.com/ anymore. I'm guessing I was only able to load it in comment 1 because it's on the whitelist -- but now we're ignoring the whitelist in Nightly.)
|
||
Comment 3•9 years ago
|
||
SSL Labs analysis: https://www.ssllabs.com/ssltest/analyze.html?d=usairways.com https://www.ssllabs.com/ssltest/analyze.html?d=www.usairways.com&s=162.92.180.51&latest If we're going to contact them, here are some possible contact points: Twitter: http://twitter.com/americanair Facebook: https://www.facebook.com/AmericanAirlines Contactlink (for registered users, apparently): http://www.usairways.com/MEMBERSHIP/Login.aspx?returnURL=http://www.usairways.com/en-US/contact/default.html I tweeted. Might be a waste of time - you never know..
Whiteboard: [sitewait]
|
Assignee | |
Updated•5 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•