Closed Bug 1143072 Opened 5 years ago Closed 5 years ago

bookbrowse.com is RC4 only

Categories

(Web Compatibility :: Desktop, defect)

Product:
Web Compatibility
Component:
Desktop
Platform:
x86_64
Windows 8.1
Type:
defect
Priority:
Not set

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: emk, Unassigned)

References

(
URL
)

Details

https://www.ssllabs.com/ssltest/analyze.html?d=bookbrowse.com
> TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK		128
> TLS_RSA_WITH_RC4_128_MD5 (0x4)   WEAK		128
I think the problem is with a dependency on the RC4 cipher.

The issue was not present on FF 34.x. I noted a lot of discussion on https://bugzilla.mozilla.org/show_bug.cgi?id=999544. Makes me think that this is not a bug, but a decision to show any sites relying on the RC4 cipher as being insecure.  As noted, I fully agree with the intent (to move people off RC4 ASAP) but fear that a unilateral decision like this will impact FF usage. A warning is appropriate, but perhaps not this strong!
Recommend closing. RC4 now disabled and problem remains.  Likely due to SHA-1. 
https://bugzilla.mozilla.org/show_bug.cgi?id=947079
Hm, I don't see the grey triangle icon anymore.
Anyway, this bug was fixed because the site no longer uses RC4.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
(In reply to Paul from comment #1)
> As noted, I fully agree with the intent (to move
> people off RC4 ASAP) but fear that a unilateral decision like this will
> impact FF usage. A warning is appropriate, but perhaps not this strong!

It's not unilateral. All browsers will be removing support for RC4. Firefox is just the first. (yes, the coordination is not exactly great)
https://tools.ietf.org/html/rfc7465

The server's TLS setup is perfect now. Verified fixed.
Status: RESOLVED → VERIFIED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.