Closed
Bug 1143072
Opened 6 years ago
Closed 6 years ago
bookbrowse.com is RC4 only
Categories
(Web Compatibility :: Desktop, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: emk, Unassigned)
References
()
Details
https://www.ssllabs.com/ssltest/analyze.html?d=bookbrowse.com > TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128 > TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK 128
I think the problem is with a dependency on the RC4 cipher. The issue was not present on FF 34.x. I noted a lot of discussion on https://bugzilla.mozilla.org/show_bug.cgi?id=999544. Makes me think that this is not a bug, but a decision to show any sites relying on the RC4 cipher as being insecure. As noted, I fully agree with the intent (to move people off RC4 ASAP) but fear that a unilateral decision like this will impact FF usage. A warning is appropriate, but perhaps not this strong!
Recommend closing. RC4 now disabled and problem remains. Likely due to SHA-1. https://bugzilla.mozilla.org/show_bug.cgi?id=947079
Reporter | ||
Comment 3•6 years ago
|
||
Hm, I don't see the grey triangle icon anymore. Anyway, this bug was fixed because the site no longer uses RC4.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Comment 4•6 years ago
|
||
(In reply to Paul from comment #1) > As noted, I fully agree with the intent (to move > people off RC4 ASAP) but fear that a unilateral decision like this will > impact FF usage. A warning is appropriate, but perhaps not this strong! It's not unilateral. All browsers will be removing support for RC4. Firefox is just the first. (yes, the coordination is not exactly great) https://tools.ietf.org/html/rfc7465 The server's TLS setup is perfect now. Verified fixed.
Status: RESOLVED → VERIFIED
Assignee | ||
Updated•2 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•