Closed Bug 1232053 Opened 10 years ago Closed 10 years ago

account.half.ebay.com and related sites are RC4 only

Categories

(Web Compatibility :: Site Reports, defect)

Product:
Web Compatibility
Component:
Site Reports
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mark, Unassigned)

References

(
URL
)

Details

Various half.com sites that have been absorbed by eBay are RC4 only. Any user account sites and the checkout pages can't be opened after disabling RC4. e.g.: account.half.ebay.com checkout.half.ebay.com SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=account.half.ebay.com Score: F Cipher Suites (sorted by strength as the server has no preference; deprecated and SSL 2 suites at the end) TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128 I've already shot them an e-mail to have them correct it.
Looks like eBay servers have multiple IP addresses. account.half.ebay.com => 66.211.181.111 checkout.half.ebay.com => 66.211.181.112 The above servers are rated A-. account.half.ebay.com => 66.135.211.151 checkout.half.ebay.com => 66.135.211.152 The above servers are rated F.
That's new then. When I checked, it resolved to just one.
I got a response that they said they have addressed it, but this morning when checking the situation was back to the old one (just pointing to the F-rated servers) -- I've filed a follow-up with them. Hopefully they will fix it completely this time.
Well, disappointing: "I’m sorry to hear that you’re still unable to access your Half.com account due to encryption issue with our site. Let me assist you with your concern. Mark, we have communicated with our technical team and they confirmed that this is not a technical glitch on our end. It looks like that your browser is set to high security connections only, so it won’t connect to our slightly older encryption to sign in. That’s something you need to adjust on your end. In this case, you need to do is to contact your browser’s help pages or support for assistance." I've pointed them to the RFC about RC4 as a response, but it seems they don't find my word carrying enough weight. What would normally be done in this case? Can someone with official Mozilla capacity reach out to them? service@half.com seems to be the right desk.
Seems to be fixed.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.