Closed
Bug 1158465
Opened 9 years ago
Closed 9 years ago
jbclick.jaxbchfl.net (via beachesenergy.com) is TLS 1.1/1.2 intolerant
Categories
(Web Compatibility :: Site Reports, defect)
Web Compatibility
Site Reports
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: gingerbread_man, Unassigned)
References
()
Details
(Keywords: site-compat)
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:40.0) Gecko/20100101 Firefox/40.0 Build ID: 20150424030204 Steps to reproduce: 1. http://www.beachesenergy.com/view-account-information 2. Click “I have a PIN/Password”. This attempts to load https://jbclick.jaxbchfl.net/Click2GovCX/Index.jsp Actual results: Secure Connection Failed, ssl_error_no_cypher_overlap. Expected results: The page should load. SSL Labs report: https://www.ssllabs.com/ssltest/analyze.html?d=jbclick.jaxbchfl.net
Comment 1•9 years ago
|
||
The site is only TLS 1.1/1.2 intolerant, it's not RC4 only:
> Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
> TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
> TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
> TLS_RSA_WITH_RC4_128_MD5 (0x4)
> TLS_RSA_WITH_RC4_128_SHA (0x5)
> TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)
No longer blocks: RC4-Dependence
Summary: jbclick.jaxbchfl.net (via beachesenergy.com) only works with security.tls.version.fallback-limit = 1 → jbclick.jaxbchfl.net (via beachesenergy.com) is TLS 1.1/1.2 intolerant
Reporter | ||
Comment 2•9 years ago
|
||
(In reply to Cykesiopka from comment #1) > The site is only TLS 1.1/1.2 intolerant, it's not RC4 only: Noted. I went by the SSL Labs result, Protocol Details section, which says “RC4: Yes WEAK”. I realize now that warning means RC4 is accepted, not that it's used exclusively.
Assignee | ||
Updated•5 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•