ssb.okbu.edu:8910 (redirected from https://okbu.edu/ssb) is TLS 1.1/1.2 intolerant

RESOLVED INCOMPLETE

Status

RESOLVED INCOMPLETE
3 years ago
2 years ago

People

(Reporter: karlcow, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

3 years ago
See bug description in https://webcompat.com/issues/872
(Reporter)

Comment 1

3 years ago
Maybe another one for RC4 or TLS.
Flags: needinfo?(cykesiopka.bmo)
(Reporter)

Updated

3 years ago

Comment 2

3 years ago
Unfortunately, it looks like SSL Labs doesn't support anything not using port 443.

So, using the less pretty alternatives:

openssl s_client -connect ssb.okbu.edu:8910
> CONNECTED(00000003)
> 139829631932064:error:140773E8:SSL routines:SSL23_GET_SERVER_HELLO:reason(1000):s23_clnt.c:770:

openssl s_client -connect ssb.okbu.edu:8910 -no_tls1_2
> CONNECTED(00000003)
> 140473057363616:error:140773E8:SSL routines:SSL23_GET_SERVER_HELLO:reason(1000):s23_clnt.c:770:

openssl s_client -connect ssb.okbu.edu:8910 -no_tls1_2 -no_tls1_1
> CONNECTED(00000003)
> depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
...
> ---
> New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : DES-CBC3-SHA

./cipherscan ssb.okbu.edu:8910
> prio  ciphersuite   protocols          pfs
> 1     RC4-SHA       SSLv3,TLSv1        None  None
> 2     RC4-MD5       SSLv2,SSLv3,TLSv1  None  None
> 3     DES-CBC3-SHA  SSLv3,TLSv1        None  None
> 4     DES-CBC-SHA   SSLv3,TLSv1        None  None

Comment 3

3 years ago
(In reply to Karl Dubost :karlcow from comment #1)
> Maybe another one for RC4 or TLS.

Indeed, looks like TLS 1.1/1.2 intolerance is the issue here.
Blocks: 1126620
Flags: needinfo?(cykesiopka.bmo)
OS: Mac OS X → All
Hardware: x86 → All
Summary: okbu.edu - ssb.okbu.edu:8910 - Secure Connection Failed → ssb.okbu.edu:8910 (redirected from https://okbu.edu/ssb) is TLS 1.1/1.2 intolerant
Version: Firefox 37 → unspecified
ssb.okbu.edu:8910 is still broken, but https://okbu.edu/ssb no longer redirect to this port.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INCOMPLETE

Comment 5

2 years ago
Probably because they replaced the system.
You need to log in before you can comment on or make changes to this bug.