Closed Bug 1143254 Opened 5 years ago Closed 5 years ago

Some Bluehost / HostMonster hosted servers (*.unifiedlayer.com) are RC4 and Camellia only

Categories

(Web Compatibility :: Desktop, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: emk, Unassigned)

No description provided.

I've just tried sending a couple of tweets their way. Let's see if we're lucky and their support answers.

For clarity, we're seeing multiple servers that appear to be from this same host provider that are effectively RC4-only. (Supporting Camellia is novel, but absolutely nobody supports that.) That's not good; an upgrade is needed. All browsers are phasing this out, and Firefox would like to do it ASAP.
https://tools.ietf.org/html/rfc7465

At minimum, AES-CBC needs to be turned on. Ideally, ECDHE or DHE AES-GCM should be supported.

General server TLS configuration recommendations from Mozilla:
https://wiki.mozilla.org/Security/Server_Side_TLS

Looks like Bluehost fixed the server settings. Now TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED

AES-GCM suites are also available; however, their servers have CBC prioritized and negotiate it instead of GCM in Firefox, Chrome, IE, and Safari.
Depends on: 1190706
Product: Tech Evangelism → Web Compatibility
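
As an added example (not part of the bug report and not Mozilla's or Bluehost's code), this Python script models the two states described in the comments above: a server whose only suite in common with a client is RC4, and a server that offers AES-GCM but ranks a CBC suite ahead of it. The suite lists are constructed for illustration, and the function names and finding strings are assumptions.

```python
import re

def parts(suite):
    """Split an IANA suite name into (key exchange, bulk cipher)."""
    m = re.fullmatch(r"TLS_(.+)_WITH_(.+)_[A-Z0-9]+", suite)
    if not m:
        raise ValueError(f"unrecognised suite name: {suite}")
    return m.group(1), m.group(2)

def is_rc4(suite):
    return parts(suite)[1].startswith("RC4")

def is_fs_gcm(suite):
    """True for ECDHE/DHE key exchange combined with AES-GCM."""
    kx, cipher = parts(suite)
    return (kx.startswith(("ECDHE", "DHE"))
            and cipher.startswith("AES") and cipher.endswith("GCM"))

def assess(server_pref, client_offer):
    """Return (negotiated suite, findings) when the server's order wins."""
    common = [s for s in server_pref if s in client_offer]
    if not common:
        return None, ["no common suite"]
    chosen, findings = common[0], []
    if all(is_rc4(s) for s in common):
        findings.append("effectively RC4-only")
    elif is_rc4(chosen):
        findings.append("RC4 preferred over stronger common suites")
    if not any(parts(s)[1].startswith("AES") for s in server_pref):
        findings.append("no AES suite enabled")
    if any(is_fs_gcm(s) for s in common) and not is_fs_gcm(chosen):
        findings.append("AES-GCM available but not preferred")
    return chosen, findings

# Constructed lists (not captured from the servers in this bug).
CLIENT = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
          "TLS_RSA_WITH_AES_128_CBC_SHA",
          "TLS_RSA_WITH_RC4_128_SHA"]
BEFORE = ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
          "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"]
AFTER = ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_RC4_128_SHA"]

if __name__ == "__main__":
    for label, server in (("before", BEFORE), ("after", AFTER)):
        print(label, *assess(server, CLIENT))
```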