Firefox and secureads.ft.com cannot communicate securely because they have no common encryption algorithms.

RESOLVED INVALID

Status

()

Core
Security: PSM
RESOLVED INVALID
12 years ago
12 years ago

People

(Reporter: Henrik Gemal, Assigned: kaie)

Tracking

Other Branch
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

12 years ago
when I connect to https://secureads.ft.com/js.ng/ I get a weird alert talking about encryption algorithms

Comment 1

12 years ago
The Alert dialog:

    Firefox and secureads.ft.com cannot communicate
    securely because they have no common encryption
    algorithms.

is correct.  secureads.ft.com only supports weak
SSL cipher suites (the "encryption algorithms" in
the Alert dialog).  Please enter "about:config" in
the location bar of the browser and see if you have
the following two preferences:

security.ssl3.rsa_rc2_40_md5
security.ssl3.rsa_rc4_40_md5

If the preferences are listed, set their values to
true.  But we should ask the administrator of
secureads.ft.com to upgrade to a web server that
supports strong SSL cipher suites.
Assignee: wtchang → kengert
Component: NSPR → Security: PSM
Product: NSPR → Core
QA Contact: wtchang
Version: other → Other Branch

Comment 2

12 years ago
Henrik, I forgot to mention that we recently disabled weak
SSL cipher suites.  I'm not sure if they can still be enabled
via about:config.
(Assignee)

Comment 3

12 years ago
> I'm not sure if they can still be enabled via about:config.

Yes they can, we only disabled them by default, but the prefs are still there.
Summary: weird alert when getting https url → Firefox and secureads.ft.com cannot communicate securely because they have no common encryption algorithms.
(Assignee)

Comment 4

12 years ago
I sent a message to the webmaster of that site.
closing bug as invalid
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID
We have a "SSL2 hall of shame" bug, listing sites that don't work with 
FF because they use SSL2 only.

Now, methinks we need a "40-bit hall of shame" bug, to list SSL servers 
of all sorts (https, imaps, ldaps, pop3s, etc.) that server only 40-bit
ciphers, and therefore do not work with FF/TB/SM.
You need to log in before you can comment on or make changes to this bug.