Closed Bug 750265 Opened 9 years ago Closed 5 years ago

secure.dominos.co.in has multiple configuration issues (supports export cipher suites etc)

Categories

(Web Compatibility :: Desktop, defect)

x86
Windows 8
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: divjot94, Unassigned)

Details

For the Indian website of Dominos I get this alert that says it's untrusted and I shouldn't go for it, but I have been using it for ages, and even now I made the order and everything is legit.

Indian testers can check it if they want to.

bogas04, could you comment on how to reproduce this problem? Visiting the URL redirects to another page that doesn't provide identity information.

It's unclear whether the server configuration has changed in the last three years, but there are currently quite a few issues with this server.

https://www.ssllabs.com/ssltest/analyze.html?d=secure.dominos.co.in
> Valid until 	Fri, 24 Jan 2014 23:59:59 UTC (expired 1 year and 6 months ago)   EXPIRED

> SSL 3   INSECURE 	Yes
> SSL 2   INSECURE 	Yes
The server still supports these old, insecure protocols.

> TLS_RSA_WITH_DES_CBC_SHA (0x9)
> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x64)
> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62)
> TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3)
> TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8)
> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6)
> TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 (0x60)
> TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 (0x61)
> SSL_CK_RC4_64_WITH_MD5 (0x80080)
> SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0)
> SSL_CK_DES_64_CBC_WITH_MD5 (0x60040)
> SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 (0x40080)
> SSL_CK_RC2_128_CBC_WITH_MD5 (0x30080)
> SSL_CK_RC4_128_EXPORT40_WITH_MD5 (0x20080)
> SSL_CK_RC4_128_WITH_MD5 (0x10080)
The server supports a long list of really broken cipher suites.

> Secure Renegotiation 	Not supported
> Secure Client-Initiated Renegotiation 	No	
> Insecure Client-Initiated Renegotiation 	Supported
Status: UNCONFIRMED → NEW
Component: Security → Desktop
Ever confirmed: true
Product: Firefox → Tech Evangelism
Summary: Invalid Alert for untrusted security for https://secure.dominos.co.in/orderonline/payment-confirm.php → secure.dominos.co.in has multiple configuration issues (supports export cipher suites etc)
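An added example, not part of the bug thread: a small auditor that parses the suite lines quoted from the SSL Labs report above and tags each one with the reason it is considered broken. The tag names and the `RULES` table are assumptions made for this illustration; the suite names and IDs are copied from the comment.

```python
import re

# Suite lines copied from the SSL Labs output quoted in the comment above.
REPORT = """\
> TLS_RSA_WITH_DES_CBC_SHA (0x9)
> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x64)
> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62)
> TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3)
> TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8)
> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6)
> TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 (0x60)
> TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 (0x61)
> SSL_CK_RC4_64_WITH_MD5 (0x80080)
> SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0)
> SSL_CK_DES_64_CBC_WITH_MD5 (0x60040)
> SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 (0x40080)
> SSL_CK_RC2_128_CBC_WITH_MD5 (0x30080)
> SSL_CK_RC4_128_EXPORT40_WITH_MD5 (0x20080)
> SSL_CK_RC4_128_WITH_MD5 (0x10080)
"""

SUITE_LINE = re.compile(r"^>?\s*([A-Z0-9_]+)\s+\((0x[0-9a-f]+)\)\s*$")

# Weakness tag -> test on the underscore-separated tokens of a suite name.
RULES = {
    "sslv2": lambda t: t[:2] == ["SSL", "CK"],                   # SSL 2.0-only suite
    "export": lambda t: any(x.startswith("EXPORT") for x in t),  # 40/56-bit key
    "rc4": lambda t: "RC4" in t,                                 # prohibited by RFC 7465
    "rc2": lambda t: "RC2" in t,                                 # obsolete block cipher
    "3des": lambda t: "EDE3" in t,                               # 64-bit block
    "single-des": lambda t: ("DES" in t or "DES40" in t) and "EDE3" not in t,
    "md5-mac": lambda t: t[-1] == "MD5",                         # MD5-based MAC
}

def parse_suites(report):
    """Return [(name, hex_id)] for each suite line in the excerpt."""
    return [m.groups() for m in map(SUITE_LINE.match, report.splitlines()) if m]

def weaknesses(name):
    """Return the set of weakness tags that apply to one suite name."""
    return {tag for tag, test in RULES.items() if test(name.split("_"))}

def audit(report):
    """Map every suite name found in the excerpt to its weakness tags."""
    return {name: weaknesses(name) for name, _ in parse_suites(report)}

if __name__ == "__main__":
    for name, tags in audit(REPORT).items():
        print(f"{name:40} {', '.join(sorted(tags))}")
```

Every suite in the quoted list receives at least one tag, while a name such as `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` receives none.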
Still the case.

There is a non-secure http://www.dominos.co.in/.
From the homepage, when you go to order online, you are directed to
https://pizzaonline.dominos.co.in/?src=brand

which is working.

So I guess the previous issue is invalid.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
Product: Tech Evangelism → Web Compatibility