Closed Bug 750265 Opened 9 years ago Closed 5 years ago
secure.dominos.co.in has multiple configuration issues (supports export cipher suites etc)
For the Indian website of Dominos I get this alert, which says it's untrusted and I shouldn't go for it, but I have been using it for ages, and even now I made the order and everything is legit. Indian testers can check it if they want to.
bogas04, could you comment on how to reproduce this problem? Visiting the URL redirects to another page that doesn't provide identity information.
It's unclear whether the server configuration has changed in the last three years, but there are currently quite a few issues with this server.
https://www.ssllabs.com/ssltest/analyze.html?d=secure.dominos.co.in
> Valid until Fri, 24 Jan 2014 23:59:59 UTC (expired 1 year and 6 months ago) EXPIRED
> SSL 3 INSECURE Yes
> SSL 2 INSECURE Yes
The server still supports these old, insecure protocols.
> TLS_RSA_WITH_DES_CBC_SHA (0x9)
> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x64)
> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62)
> TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3)
> TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8)
> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6)
> TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 (0x60)
> TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 (0x61)
> SSL_CK_RC4_64_WITH_MD5 (0x80080)
> SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0)
> SSL_CK_DES_64_CBC_WITH_MD5 (0x60040)
> SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 (0x40080)
> SSL_CK_RC2_128_CBC_WITH_MD5 (0x30080)
> SSL_CK_RC4_128_EXPORT40_WITH_MD5 (0x20080)
> SSL_CK_RC4_128_WITH_MD5 (0x10080)
The server supports a long list of really broken cipher suites.
> Secure Renegotiation Not supported
> Secure Client-Initiated Renegotiation No
> Insecure Client-Initiated Renegotiation Supported
Status: UNCONFIRMED → NEW
Component: Security → Desktop
Ever confirmed: true
Product: Firefox → Tech Evangelism
Summary: Invalid Alert for untrusted security for https://secure.dominos.co.in/orderonline/payment-confirm.php → secure.dominos.co.in has multiple configuration issues (supports export cipher suites etc)
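The weak-suite findings quoted in the comment above can be checked mechanically from the suite names alone. This is an added example, not part of the bug report and not SSL Labs' grading logic: the rule set and function names are assumptions of the example, and the AES line in the sample is a constructed control.

```python
import re

# Constructed sample: some suite lines quoted in the comment, plus one control line.
SAMPLE = """\
> TLS_RSA_WITH_DES_CBC_SHA (0x9)
> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x64)
> TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3)
> SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0)
> SSL_CK_RC4_128_WITH_MD5 (0x10080)
> TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
"""

# (pattern, reason) pairs, evaluated in order. Assumed rule set for this example.
RULES = [
    (r"^SSL_CK_", "SSLv2-only suite"),
    (r"EXPORT", "export-grade key length"),
    (r"_DES(40)?_CBC|_DES_64_", "single DES"),  # does not match 3DES / EDE3
    (r"RC4", "RC4 stream cipher"),
    (r"RC2", "RC2 cipher"),
    (r"_MD5$", "MD5 MAC"),
]

# One suite per line: optional quote marker, name, hex code in parentheses.
LINE = re.compile(r"^(?:>\s*)?([A-Z0-9_]+)\s+\((0x[0-9a-fA-F]+)\)$")


def parse(report):
    """Yield (name, code) for each 'NAME (0xNN)' line; ignore other lines."""
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(2), 16)


def weaknesses(name):
    """Return every reason from RULES that applies to a suite name."""
    return [reason for pattern, reason in RULES if re.search(pattern, name)]


def audit(report):
    """Map each suite name in the report to its list of weaknesses."""
    return {name: weaknesses(name) for name, _ in parse(report)}


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(f"{'WEAK' if reasons else 'ok':4} {name}: {', '.join(reasons) or '-'}")
```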
Still the case. There is a non-secure http://www.dominos.co.in/; from the homepage, when you go to order online, you are directed to https://pizzaonline.dominos.co.in/?src=brand, which is working. So I guess the previous issue is invalid.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
Product: Tech Evangelism → Web Compatibility