1153749 - ssb.okbu.edu:8910 (redirected from https://okbu.edu/ssb) is TLS 1.1/1.2 intolerant

Status: RESOLVED INCOMPLETE

(Web Compatibility :: Site Reports, defect)

Description

[Karl Dubost💡 :karlcow]

See bug description in https://webcompat.com/issues/872

Comment 1

[Karl Dubost💡 :karlcow]

Maybe another one for RC4 or TLS.

Comment 2

[:Cykesiopka]

Unfortunately, it looks like SSL Labs doesn't support anything not using port 443.

So, using the less pretty alternatives:

openssl s_client -connect ssb.okbu.edu:8910
> CONNECTED(00000003)
> 139829631932064:error:140773E8:SSL routines:SSL23_GET_SERVER_HELLO:reason(1000):s23_clnt.c:770:

openssl s_client -connect ssb.okbu.edu:8910 -no_tls1_2
> CONNECTED(00000003)
> 140473057363616:error:140773E8:SSL routines:SSL23_GET_SERVER_HELLO:reason(1000):s23_clnt.c:770:

openssl s_client -connect ssb.okbu.edu:8910 -no_tls1_2 -no_tls1_1
> CONNECTED(00000003)
> depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
...
> ---
> New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : DES-CBC3-SHA

./cipherscan ssb.okbu.edu:8910
> prio  ciphersuite   protocols          pfs
> 1     RC4-SHA       SSLv3,TLSv1        None  None
> 2     RC4-MD5       SSLv2,SSLv3,TLSv1  None  None
> 3     DES-CBC3-SHA  SSLv3,TLSv1        None  None
> 4     DES-CBC-SHA   SSLv3,TLSv1        None  None

Comment 3

[:Cykesiopka]

(In reply to Karl Dubost :karlcow from comment #1)
> Maybe another one for RC4 or TLS.

Indeed, looks like TLS 1.1/1.2 intolerance is the issue here.

Comment 4

[Masatoshi Kimura [:emk]]

ssb.okbu.edu:8910 is still broken, but https://okbu.edu/ssb no longer redirect to this port.

Comment 5

[Yuhong Bao]

Probably because they replaced the system.