addons.mozilla.org should support stronger cipher suites

RESOLVED DUPLICATE of bug 901035

Status

Cloud Services
Operations: Marketplace
RESOLVED DUPLICATE of bug 901035
5 years ago
4 years ago

People

(Reporter: Kosuke Kaizuka, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release)
Build ID: 20131118212339

Steps to reproduce:

connect to addons.mozilla.org


Actual results:

TLS connection is TLS 1.2, however, weak cipher suites are used.
AES suites are listed but have low priority.

SSL_RSA_WITH_RC4_128_MD5 (0x4) <- MD5 hash (obsoleted)
SSL_RSA_WITH_3DES_EDE_CBC_SHA (0xa) <- 3DES_EDE (112bit)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)



Expected results:

Stronger cipher suites should be used like other mozilla.org servers.
For example, mozilla.org, bugzilla.mozilla.org, developer.mozilla.org, wiki.mozilla.org, and ftp.mozilla.org support TLS 1.1 (not 1.2) and these strong cipher suites (DHE_RSA_* suites have highest priority).

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
SSL_RSA_WITH_RC4_128_SHA (0x5)
Likely a dupe of bug 901035 but I'll leave it to ops to mark it.
Assignee: nobody → server-ops-amo
Component: Public Pages → Server Operations: AMO Operations
Product: addons.mozilla.org → mozilla.org
QA Contact: oremj
Version: unspecified → other
(Reporter)

Comment 2

5 years ago
bug 901035? I cannot see that bug because of lack of permission.

Updated

5 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 901035
Component: Server Operations: AMO Operations → Operations: Marketplace
Product: mozilla.org → Mozilla Services
You need to log in before you can comment on or make changes to this bug.