Closed Bug 1232053 Opened 7 years ago Closed 7 years ago

account.half.ebay.com and related sites are RC4 only

Categories

(Web Compatibility :: Desktop, defect)

Product:
Web Compatibility
Component:
Desktop
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mark, Unassigned)

References

(
URL
)

Details

Various half.com sites that have been absorbed by eBay are RC4 only.
Any user account sites and the checkout pages can't be opened after disabling RC4.

e.g.:
account.half.ebay.com
checkout.half.ebay.com

SSL Labs:
https://www.ssllabs.com/ssltest/analyze.html?d=account.half.ebay.com

Score: F
Cipher Suites (sorted by strength as the server has no preference; deprecated and SSL 2 suites at the end)
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE 	128

I've already shot them an e-mail to have them correct it.
Looks like eBay servers have multiple IP addresses.

  account.half.ebay.com => 66.211.181.111
  checkout.half.ebay.com => 66.211.181.112
The above servers are rated A-.

  account.half.ebay.com => 66.135.211.151
  checkout.half.ebay.com => 66.135.211.152
The above servers are rated F.
That's new then. When I checked, it resolved to just one.
I got a response that they said they have addressed it, but this morning when checking the situation was back to the old one (just pointing to the F-rated servers) -- I've filed a follow-up with them. Hopefully they will fix it completely this time.
Well, disappointing:

"I’m sorry to hear that you’re still unable to access your Half.com account due to encryption issue with our site. Let me assist you with your concern.

Mark, we have communicated with our technical team and they confirmed that this is not a technical glitch on our end. It looks like that your browser is set to high security connections only, so it won’t connect to our slightly older encryption to sign in. That’s something you need to adjust on your end.

In this case, you need to do is to contact your browser’s help pages or support for assistance."

I've pointed them to the RFC about RC4 as a response, but it seems they don't find my word carrying enough weight. What would normally be done in this case? Can someone with official Mozilla capacity reach out to them? service@half.com seems to be the right desk.
Seems to be fixed.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.