Closed
Bug 1143254
Opened 10 years ago
Closed 10 years ago
Some Bluehost / HostMonster hosted servers (*.unifiedlayer.com) are RC4 and Camellia only
Categories
(Web Compatibility :: Site Reports, defect)
Web Compatibility
Site Reports
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: emk, Unassigned)
References
Details
No description provided.
Comment 1•10 years ago
|
||
I've just tried sending a couple of tweets their way. Let's see if we're lucky and their support answers.
For clarity, we're seeing multiple servers that appear to be from this same host provider that are effectively RC4-only. (supporting Camellia is novel, but absolutely nobody supports that) That's not good; an upgrade is needed. All browsers are phasing this out, and Firefox would like to do it ASAP.
https://tools.ietf.org/html/rfc7465
At minimum, AES-CBC needs to be turned on. Ideally, ECDHE or DHE AES-GCM should be supported.
General server TLS configuration recommendations from Mozilla:
https://wiki.mozilla.org/Security/Server_Side_TLS
Reporter | ||
Comment 2•10 years ago
|
||
Looks like Bluehost fixed the server settings. Now TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled.
Reporter | ||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Comment 3•10 years ago
|
||
AES-GCM suites are also available, however their servers have CBC prioritized and negotiate it instead of GCM in Firefox, Chrome, IE, and Safari.
Assignee | ||
Updated•6 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•