Closed
Bug 1232053
Opened 8 years ago
Closed 8 years ago
account.half.ebay.com and related sites are RC4 only
Categories
(Web Compatibility :: Desktop, defect)
Web Compatibility
Desktop
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mark, Unassigned)
References
()
Details
Various half.com sites that have been absorbed by eBay are RC4 only. Any user account sites and the checkout pages can't be opened after disabling RC4. e.g.: account.half.ebay.com checkout.half.ebay.com SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=account.half.ebay.com Score: F Cipher Suites (sorted by strength as the server has no preference; deprecated and SSL 2 suites at the end) TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128 I've already shot them an e-mail to have them correct it.
Comment 1•8 years ago
|
||
Looks like eBay servers have multiple IP addresses. account.half.ebay.com => 66.211.181.111 checkout.half.ebay.com => 66.211.181.112 The above servers are rated A-. account.half.ebay.com => 66.135.211.151 checkout.half.ebay.com => 66.135.211.152 The above servers are rated F.
Reporter | ||
Comment 2•8 years ago
|
||
That's new then. When I checked, it resolved to just one.
Reporter | ||
Comment 3•8 years ago
|
||
I got a response that they said they have addressed it, but this morning when checking the situation was back to the old one (just pointing to the F-rated servers) -- I've filed a follow-up with them. Hopefully they will fix it completely this time.
Reporter | ||
Comment 4•8 years ago
|
||
Well, disappointing: "I’m sorry to hear that you’re still unable to access your Half.com account due to encryption issue with our site. Let me assist you with your concern. Mark, we have communicated with our technical team and they confirmed that this is not a technical glitch on our end. It looks like that your browser is set to high security connections only, so it won’t connect to our slightly older encryption to sign in. That’s something you need to adjust on your end. In this case, you need to do is to contact your browser’s help pages or support for assistance." I've pointed them to the RFC about RC4 as a response, but it seems they don't find my word carrying enough weight. What would normally be done in this case? Can someone with official Mozilla capacity reach out to them? service@half.com seems to be the right desk.
Seems to be fixed.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•5 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•