Closed Bug 1151990 Opened 5 years ago Closed 4 years ago

https://www.openwebosproject.org/ only uses RC4 ciphersuites

Categories

(Web Compatibility :: Desktop, defect, P5, trivial)

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: jrmuizel, Unassigned)


This page works fine in Chrome.
I was also not able to find any way to get more information about what was happening other than the error page containing ssl_error_no_cypher_overlap. Is there a way to get the offending certificate?
According to https://www.ssllabs.com/ssltest/analyze.html?d=openwebosproject.org that site only advertises a single RC4 ciphersuite. It also has SSL 3 enabled, which is insecure. It also neglects to send any intermediate certificates, which can mean clients won't find a path to a trusted root.
Component: Security → Desktop
Product: Firefox → Tech Evangelism
Summary: https://www.openwebosproject.org/ is blocked by Firefox → https://www.openwebosproject.org/ only uses RC4 ciphersuites
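Added example, not part of the bug report or of any browser's or server's code: the Python below parses the cipher_suites list out of a TLS ClientHello and applies server-side suite selection, showing why a server that accepts a single RC4 suite has nothing to select when the client offers no RC4, which is the condition ssl_error_no_cypher_overlap names. The suite lists, the helper names and the ClientHello bytes are constructed for the example; the suite IDs are the IANA-registered values.

```python
import struct

# IANA cipher suite IDs; which ones each side uses here is constructed for the example.
RC4_128_SHA = 0x0005            # TLS_RSA_WITH_RC4_128_SHA
AES_128_CBC_SHA = 0x002F        # TLS_RSA_WITH_AES_128_CBC_SHA
ECDHE_ECDSA_AES128_GCM = 0xC02B
ECDHE_RSA_AES128_GCM = 0xC02F

def build_client_hello(suite_ids):
    """Build a minimal TLS 1.2 ClientHello record (no extensions) as test input."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    body = (b"\x03\x03" + bytes(32) + b"\x00"           # version, random, empty session_id
            + struct.pack("!H", len(suites)) + suites   # cipher_suites vector
            + b"\x01\x00")                              # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def offered_suites(record):
    """Return the cipher suite IDs a ClientHello record offers, in client order."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32                 # record header, handshake header, version, random
    pos += 1 + record[pos]               # skip the session_id vector
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, n, 2)]

def negotiate(record, server_suites):
    """Return the first server-preferred suite the client also offered, else None."""
    offered = set(offered_suites(record))
    return next((s for s in server_suites if s in offered), None)

if __name__ == "__main__":
    rc4_only_server = [RC4_128_SHA]
    no_rc4_client = build_client_hello(
        [ECDHE_ECDSA_AES128_GCM, ECDHE_RSA_AES128_GCM, AES_128_CBC_SHA])
    rc4_client = build_client_hello([ECDHE_RSA_AES128_GCM, RC4_128_SHA])
    for name, hello in (("no-RC4 client", no_rc4_client), ("RC4 client", rc4_client)):
        chosen = negotiate(hello, rc4_only_server)
        print(name, "->", "no cipher overlap" if chosen is None else hex(chosen))
```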
(In reply to David Keeler [:keeler] (use needinfo?) from comment #2)
> According to
> https://www.ssllabs.com/ssltest/analyze.html?d=openwebosproject.org that
> site only advertises a single RC4 ciphersuite. It also has SSL 3 enabled,
> which is insecure. It also neglects to send any intermediate certificates,
> which can mean clients won't find a path to a trusted root.

Do you know why Chrome still accepts the cert?
(In reply to Jeff Muizelaar [:jrmuizel] from comment #3)
> Do you know why Chrome still accepts the cert?

I believe Chrome fetches intermediates based on cert AIA information, but I could be wrong.
OS: Mac OS X → All
Hardware: x86 → All
The certificate expired a month ago.
Still expired. Seems nobody is maintaining or using this anyway, so low pri. We might even close it.
Severity: normal → trivial
Priority: -- → P5
Still no new cert. I'll close it for now.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Web Compatibility