Some Bluehost / HostMonster hosted servers (*.unifiedlayer.com) are RC4 and Camellia only

RESOLVED FIXED

Status

defect
4 years ago
3 months ago

People

(Reporter: emk, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Reporter

Description

4 years ago
No description provided.

Comment 1

4 years ago
I've just tried sending a couple of tweets their way. Let's see if we're lucky and their support answers.

For clarity, we're seeing multiple servers that appear to be from this same host provider that are effectively RC4-only. (Supporting Camellia is novel, but absolutely nobody supports that.) That's not good; an upgrade is needed. All browsers are phasing this out, and Firefox would like to do it ASAP.
https://tools.ietf.org/html/rfc7465

At minimum, AES-CBC needs to be turned on. Ideally, ECDHE or DHE AES-GCM should be supported.

General server TLS configuration recommendations from Mozilla:
https://wiki.mozilla.org/Security/Server_Side_TLS
Reporter

Comment 2

4 years ago
Looks like Bluehost fixed the server settings. Now TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled.
Reporter

Updated

4 years ago
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED

Comment 3

4 years ago
AES-GCM suites are also available; however, their servers have CBC prioritized and negotiate it instead of GCM in Firefox, Chrome, IE, and Safari.

Updated

4 years ago
Depends on: 1190706
Component: Desktop → Desktop
Product: Tech Evangelism → Web Compatibility
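
The conditions raised in comments 1 and 3 (an RC4/Camellia-only suite list, and CBC ranked ahead of GCM under server preference) can be checked mechanically. This is an added example, not part of the original bug or any Mozilla tooling; the suite lists are constructed samples and the function names are hypothetical.

```python
import re

# Constructed client offer: AES suites first, RC4 as last resort, no Camellia.
CLIENT_OFFER = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]
# Constructed server preference lists mirroring the states described in the bug.
BEFORE = ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5",
          "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"]
AFTER = ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_RC4_128_SHA"]

def cipher_class(suite):
    """Map an IANA suite name to the bulk-cipher family discussed in the bug."""
    m = re.search(r"_WITH_(RC4|CAMELLIA|AES)_\d+(?:_(GCM|CBC))?", suite)
    if not m:
        return "other"
    if m.group(1) == "AES":
        return "aes-" + m.group(2).lower() if m.group(2) else "other"
    return m.group(1).lower()

def negotiate(server_pref, client_offer):
    """Server-preference selection: first server suite the client also offers."""
    return next((s for s in server_pref if s in client_offer), None)

def audit(server_pref, client_offer=CLIENT_OFFER):
    """Return (negotiated suite or None, list of findings)."""
    chosen = negotiate(server_pref, client_offer)
    mutual = [s for s in server_pref if s in client_offer]
    findings = []
    if server_pref and all(cipher_class(s) in ("rc4", "camellia") for s in server_pref):
        findings.append("rc4-camellia-only")
    if not any(s.startswith(("TLS_ECDHE_", "TLS_DHE_")) for s in server_pref):
        findings.append("no-ecdhe-or-dhe")
    if (chosen and cipher_class(chosen) == "aes-cbc"
            and any(cipher_class(s) == "aes-gcm" for s in mutual)):
        findings.append("cbc-preferred-over-gcm")
    if chosen and cipher_class(chosen) == "rc4":
        findings.append("negotiates-rc4")
    return chosen, findings

if __name__ == "__main__":
    for label, prefs in (("before", BEFORE), ("after", AFTER)):
        print(label, *audit(prefs))
```

Passing a client offer with the RC4 suite removed to `audit(BEFORE, ...)` returns no negotiated suite, which is the handshake failure such a server would hit once clients stop offering RC4.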