Closed
Bug 1154285
Opened 8 years ago
Closed 8 years ago
www.card-data.com is TLS 1.2 intolerant and RC4 only
Categories
(Web Compatibility :: Desktop, defect)
Web Compatibility
Desktop
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: adam.kaplan, Unassigned)
References
()
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 OPR/20.0.1387.91 Steps to reproduce: Use FF37 Desktop to browse www.card-data.com Actual results: Site unreachable due to TLS fallback intolerance Expected results: Site should be accessible. Please add to whitelist until site is fixed - sometime in late 2015.
|
||
Comment 1•8 years ago
|
||
Hi Adam, Thanks for the report. If you don't mind, could you please enable more modern cipher suites on the server as well (or forward it to someone who can)? It looks like the server is RC4 only. Thanks!
Blocks: TLS-Intolerance, RC4-Dependence
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: TLS Fallback Intolerance - add URL to white-list - block bug 1126620 → www.card-data.com is TLS 1.2 intolerant and RC4 only
Version: Firefox 37 → unspecified
|
Reporter | |
Comment 2•8 years ago
|
||
(In reply to Cykesiopka from comment #1) > Hi Adam, > > Thanks for the report. > > If you don't mind, could you please enable more modern cipher suites on the > server as well (or forward it to someone who can)? It looks like the server > is RC4 only. > > Thanks! Servers support modern ciphers, issue is load balancer doesn't. It will be replaced with more modern hardware soon. When will the whitelist be pushed to Firefox 37 users? Thanks
|
|
||
Comment 3•8 years ago
|
||
(In reply to adam.kaplan from comment #2) > Servers support modern ciphers, issue is load balancer doesn't. It will be > replaced with more modern hardware soon. That's good to hear, thanks. > When will the whitelist be pushed to Firefox 37 users? It won't be, unfortunately. The whitelist update will occur in Bug 1145844, which will hit Firefox 38 (scheduled for release the week of 2015-05-12: https://wiki.mozilla.org/RapidRelease/Calendar ). In the mean time, these prefs (in most to least preferred order) can be used so connections are possible again: security.tls.insecure_fallback_hosts = www.card-data.com (a comma separated list of domains) security.tls.version.fallback-limit = 2 security.tls.version.max = 2
|
|
Reporter | |
Comment 4•8 years ago
|
||
Will this be part of any Firefox 38 beta? Thanks
|
|
||
Comment 5•8 years ago
|
||
(In reply to adam.kaplan from comment #4) > Will this be part of any Firefox 38 beta? Thanks Yes, probably in the last beta or a RC.
|
|
Reporter | |
Comment 6•8 years ago
|
||
Load balancing hardware has been updated and whitelist of card-data.com is no longer needed. Thanks
|
|
||
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
|
Assignee | |
Updated•4 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•