security protocol which isn't enabled

NEW
Unassigned

Status

Tech Evangelism Graveyard
Other
11 years ago
3 years ago

People

(Reporter: ben, Unassigned)

Tracking

Details

(URL)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

there alert box pop up showing Firefox can't connect securely to ebpsweb.maxis.net.my because the site uses a security protocol which isn't enabled. the previous version of Firefox works fine with the website until i updated the to the current version. The website work fine with IE and the previous  Firefox.

Reproducible: Always

Steps to Reproduce:
1.go to https://www.maxis.com.my/eservices/userlogin.asp
2.after entering the username and password
3.click on view/pay my bills
4.a window pop up

Actual Results:  
the alert box pop up showing Firefox can't connect securely to ebpsweb.maxis.net.my because the site uses a security protocol which isn't enabled.

Expected Results:  
it should have pop up normally showing my phone bills

Comment 1

11 years ago
The website https://ebpsweb.maxis.net.my/ uses a low-grade security protocol (DES CBC 56 bit) that is not secure enough to be used on the current Internet. That's why Firefox 2 has disabled support for it by default. Maxis should really update that webserver ! Their main one at https://www.maxis.com.my/ is fine.

You can override that behavior by typing about:config in the address bar, search for "security.ssl3.rsa_1024_des_cbc_sha", and double-click it (which will set the value to "true").

PS : if Maxis claims that their webserver is secure enough, just point them to http://www.distributed.net/pressroom/presskit.php : my name in mentioned at the challenge in 1997, where I helped to break a RSA-56 key.
Assignee: nobody → other
Status: UNCONFIRMED → NEW
Component: Security → Other
Ever confirmed: true
Product: Firefox → Tech Evangelism
QA Contact: firefox → other
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.