Closed Bug 1152990 Opened 8 years ago Closed 7 years ago is TLS 1.1/1.2 intolerant


(Web Compatibility :: Desktop, defect)

Not set


(firefox40 affected)

Tracking Status
firefox40 --- affected


(Reporter: kbrosnan, Unassigned)




This server isn't actually RC4 only - it accepts additional cipher suites.

Note the various failures in the "Handshake Simulation" section of the SSL Labs report, as well as this line:
> TLS version intolerance 	TLS 1.1  TLS 1.2  TLS 1.3  TLS 1.98  TLS 2.98   PROBLEMATIC

This server needs to be updated, but in the mean time, these prefs (most preferred to least) can be set so connections are possible again:
security.tls.insecure_fallback_hosts = (a comma separated list of domains)
security.tls.version.fallback-limit = 1
security.tls.version.max = 1
Blocks: TLS-Intolerance
No longer blocks: RC4-Dependence
Summary: is untrusted RC4 → is TLS 1.1/1.2 intolerant
Kevin, could you ask the person who is unable to access this site to point whoever runs at this bug? I don't think I have a SUMO account, and there's no obvious indication of who I can e-mail directly on the website.

Flags: needinfo?(kbrosnan)
I don't think this user should be pointed at about:config.
Flags: needinfo?(kbrosnan)
The site owner is
(In reply to Kevin Brosnan [:kbrosnan] from comment #3)
> I don't think this user should be pointed at about:config.

Unfortunately, there is no way of connecting to the site without fiddling with prefs at the moment (or recommending ESR). The earliest this site will work by default is Firefox 38, when the static whitelist gets updated.

(In reply to Kevin Brosnan [:kbrosnan] from comment #4)
> The site owner is

This seems to be Weblogic again. They should switch to the JSSE stack.
I can no longer connect, even with Chrome. SSL Labs also said "No secure protocols supported." I will not add this site to the whitelist if it keeps failing.
Probably after employees complained at work about it.
The URL seems to provide access to the company's payroll service at minimum. This is according to the user in the thread referenced in comment 0.
Looks like the site is working again, still with the TLS intolerance problem.
The server is down once again.
I'll remove this server from the whitelist if it continues to fail.
Depends on: 1165549
Depends on: 1195789
No longer depends on: 1195789
Removed from the whitelist.
Closed: 7 years ago
Resolution: --- → WONTFIX
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.