358622 - security protocol which isn't enabled

Status: RESOLVED INCOMPLETE

(Tech Evangelism Graveyard :: Other, defect)

Description

[ben]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

there alert box pop up showing Firefox can't connect securely to ebpsweb.maxis.net.my because the site uses a security protocol which isn't enabled. the previous version of Firefox works fine with the website until i updated the to the current version. The website work fine with IE and the previous  Firefox.

Reproducible: Always

Steps to Reproduce:
1.go to https://www.maxis.com.my/eservices/userlogin.asp
2.after entering the username and password
3.click on view/pay my bills
4.a window pop up

Actual Results:  
the alert box pop up showing Firefox can't connect securely to ebpsweb.maxis.net.my because the site uses a security protocol which isn't enabled.

Expected Results:  
it should have pop up normally showing my phone bills

Comment 1

[Jo Hermans]

The website https://ebpsweb.maxis.net.my/ uses a low-grade security protocol (DES CBC 56 bit) that is not secure enough to be used on the current Internet. That's why Firefox 2 has disabled support for it by default. Maxis should really update that webserver ! Their main one at https://www.maxis.com.my/ is fine.

You can override that behavior by typing about:config in the address bar, search for "security.ssl3.rsa_1024_des_cbc_sha", and double-click it (which will set the value to "true").

PS : if Maxis claims that their webserver is secure enough, just point them to http://www.distributed.net/pressroom/presskit.php : my name in mentioned at the challenge in 1997, where I helped to break a RSA-56 key.