Open Bug 902602 Opened 11 years ago Updated 1 year ago

Improve HTTPS settings for Firefox Health Report (fhr.cdn.mozilla.net)

Categories

(Cloud Services :: Firefox: Common, defect)

defect
Not set
minor

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: 326374, Unassigned)

User Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20130805 Firefox/24.0 (Nightly/Aurora)
Build ID: 20130805004006

Steps to reproduce:

Check out https://www.ssllabs.com/ssltest/analyze.html?d=fhr.cdn.mozilla.net

(the FHR is currently hosted at https://fhr.cdn.mozilla.net/en-US/)


Actual results:

The page lists two problems:
* Forward secrecy not enabled
* The server does not mitigate the BEAST attack (not necessary since Firefox mitigates it)



Expected results:

Forward secrecy should be enabled and there is no reason not to mitigate the BEAST attack.
Since no user data is sent to the server, it doesn't really matter for the CDN, but the server which *does* receive the data should at least have forward secrecy enabled.

And even for the CDN, there's no reason not to have it.
Severity: normal → minor
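
The two findings in this report can be checked from the negotiated protocol version and cipher suite alone. The following is an added example, not part of the original bug report or of Mozilla's code; the names `classify`, `probe` and `SAMPLES` are hypothetical and the sample pairs are constructed.

```python
import socket
import ssl

# Substrings that mark a suite as NOT using a CBC block cipher
# (valid for both OpenSSL-style and IANA-style names).
_NOT_CBC = ("GCM", "CCM", "CHACHA20", "RC4", "NULL")
_LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.0"}  # versions affected by BEAST


def classify(protocol, cipher):
    """Return (forward_secrecy, beast_exposed) for one negotiated connection."""
    if protocol == "TLSv1.3":
        # TLS 1.3 certificate handshakes use ephemeral (EC)DHE and AEAD ciphers.
        return True, False
    name = cipher.upper().replace("_", "-")
    if name.startswith("TLS-"):          # IANA form: TLS_ECDHE_RSA_WITH_...
        name = name[4:]
    # First token is the key exchange. Static RSA/DH/ECDH give no forward
    # secrecy; anonymous suites (ADH/AECDH) are deliberately not counted.
    forward_secrecy = name.split("-")[0] in ("ECDHE", "DHE", "EDH")
    is_cbc = not any(marker in name for marker in _NOT_CBC)
    return forward_secrecy, is_cbc and protocol in _LEGACY_PROTOCOLS


def probe(host, port=443, timeout=5.0):
    """Handshake with host and classify the result (requires network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return classify(tls.version(), tls.cipher()[0])


# Constructed (protocol, cipher) pairs, not captured from any real server.
SAMPLES = [
    ("TLSv1", "AES128-SHA"),                         # static RSA + CBC
    ("TLSv1", "RC4-SHA"),                            # static RSA, stream cipher
    ("TLSv1", "ECDHE-RSA-AES256-SHA"),               # ephemeral, but CBC on TLS 1.0
    ("TLSv1.2", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.3", "TLS_AES_128_GCM_SHA256"),
]

if __name__ == "__main__":
    for proto, cipher in SAMPLES:
        fs, beast = classify(proto, cipher)
        print(f"{proto:8} {cipher:34} forward_secrecy={fs} beast_exposed={beast}")
```

`probe` reports only what the local client negotiates, so a server that still prefers non-ephemeral suites for older clients needs a per-client test such as the SSL Labs scan linked in the report.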