Closed Bug 1152465 Opened 5 years ago Closed 5 years ago

cas.rutgers.edu is RC4 only

Categories

(Web Compatibility :: Desktop, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: abubakar.saddique, Unassigned)


Attachments

(1 file)

1.52 MB, text/plain
Details
Attached file log.txt
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Build ID: 20150403142420

Steps to reproduce:


Access website https://www.acs.rutgers.edu/ after upgrading to Firefox 37.0.1.
I also regenerated the log file and am attaching it.
This was working before.


Actual results:

received 
Secure Connection Failed
The connection to www.acs.rutgers.edu was interrupted while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.


Expected results:

a page from website should be displayed
https://www.ssllabs.com/ssltest/analyze.html?d=acs.rutgers.edu

Many RC4 cipher suites. And TLS intolerance (TLS 1.1, TLS 1.2, TLS 1.3, TLS 1.98, TLS 2.98).
Component: Untriaged → Desktop
Product: Firefox → Tech Evangelism
Summary: Secure Connection Failed → Secure Connection Failed at https://www.acs.rutgers.edu/
Version: 37 Branch → Firefox 37
muhammad:

Thanks for the report.

This is another broken Rutgers server (alongside the one in Bug 1139065).
This one however is TLS intolerant, but not RC4 only.

I have already contacted Rutgers about the RC4 issue, and they have acknowledged receipt of my message.
Hopefully whoever is working on fixing the other server is auditing other Rutgers servers as well.

In any case, I'll point the Rutgers staff at this bug as well.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: x86_64 → All
See Also: → 1139065
Summary: Secure Connection Failed at https://www.acs.rutgers.edu/ → www.acs.rutgers.edu is TLS 1.1/1.2 intolerant
Version: Firefox 37 → unspecified
I tried another Rutgers site
https://www.ssllabs.com/ssltest/analyze.html?d=acs.rutgers.edu

This one is also TLS intolerant (same as acs.rutgers.edu) but this one opened just fine on version 37.

I am just trying to figure out what exactly is the root cause.
(In reply to muhammad from comment #3)
> I tried another Rutgers site
> https://www.ssllabs.com/ssltest/analyze.html?d=acs.rutgers.edu
> 
> This one is also TLS intolerant (same as acs.rutgers.edu) but this one opened
> just fine on version 37.
> 
> I am just trying to figure out what exactly is the root cause.

(In reply to muhammad from comment #4)
> Sorry, I meant https://www.ssllabs.com/ssltest/analyze.html?d=cas.rutgers.edu

cas.rutgers.edu is indeed TLS 1.1/1.2 intolerant, but only to a TLS *record* version of 0x0303. Firefox (and I think Chrome) uses 0x0301, so this is not an issue for Firefox at least. IE does use 0x0303, but IE still does unrestricted fallbacks.

The only issue here is the RC4 use, which I've also already notified Rutgers about.
www.acs.rutgers.edu was fixed, but cas.rutgers.edu is still broken.
Summary: www.acs.rutgers.edu is TLS 1.1/1.2 intolerant → cas.rutgers.edu is TLS 1.1/1.2 intolerant
(In reply to Masatoshi Kimura [:emk] from comment #6)
> www.acs.rutgers.edu was fixed, but cas.rutgers.edu is still broken.

cas.rutgers.edu seems to handle a 0x0301 record layer version fine - it is RC4 only though.
Blocks: RC4-Dependence
No longer blocks: TLS-Intolerance
Summary: cas.rutgers.edu is TLS 1.1/1.2 intolerant → cas.rutgers.edu is RC4 only
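The comments above distinguish the TLS *record* layer version (0x0301 vs 0x0303) from the version carried inside the hello message, and end by classifying the server as RC4 only. The following is an added example, not part of the bug thread or of any Mozilla code: a small parser that pulls both version fields and the cipher suites out of a captured ClientHello or ServerHello record and flags an RC4-only result. The function names and `build_hello` sample data are constructed for illustration.

```python
import struct

# RC4 suites from the IANA TLS registry (subset; extend as needed).
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}

def parse_hello(record: bytes) -> dict:
    """Parse one TLS record holding a ClientHello (1) or ServerHello (2)."""
    ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or len(record) < 5 + rec_len:
        raise ValueError("not a complete handshake record")
    body = record[5:5 + rec_len]
    hs_type = body[0]
    if hs_type not in (1, 2):
        raise ValueError("not a ClientHello/ServerHello")
    hello_ver = struct.unpack_from("!H", body, 4)[0]   # after type + 3-byte length
    pos = 4 + 2 + 32                                   # skip header, version, random
    pos += 1 + body[pos]                               # skip session_id
    if hs_type == 1:                                   # ClientHello: offered suites
        n = struct.unpack_from("!H", body, pos)[0]
        suites = list(struct.unpack_from("!%dH" % (n // 2), body, pos + 2))
    else:                                              # ServerHello: selected suite
        suites = [struct.unpack_from("!H", body, pos)[0]]
    return {"type": hs_type, "record_version": rec_ver,
            "hello_version": hello_ver, "suites": suites}

def rc4_only(hello: dict) -> bool:
    """True when every suite in the hello is an RC4 suite."""
    return bool(hello["suites"]) and all(s in RC4_SUITES for s in hello["suites"])

def build_hello(hs_type, rec_ver, hello_ver, suites):
    """Constructed sample data: minimal hello, zero random, empty session id."""
    body = struct.pack("!H", hello_ver) + bytes(32) + b"\x00"
    if hs_type == 1:
        body += struct.pack("!H%dH" % len(suites), 2 * len(suites), *suites)
        body += b"\x01\x00"                            # compression: null only
    else:
        body += struct.pack("!H", suites[0]) + b"\x00"
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, rec_ver, len(hs)) + hs

if __name__ == "__main__":
    # Constructed ClientHello: record layer 0x0301, hello version 0x0303.
    ch = parse_hello(build_hello(1, 0x0301, 0x0303, [0xC02F, 0x002F, 0x0005]))
    sh = parse_hello(build_hello(2, 0x0301, 0x0303, [0x0005]))
    print(hex(ch["record_version"]), hex(ch["hello_version"]), rc4_only(sh))
```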
Fixed.
By the way, my.rutgers.edu is still broken (see bug 1139065).
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility