Closed
Bug 940831
Opened 12 years ago
Closed 12 years ago
addons.mozilla.org should support stronger cipher suites
Categories
(Cloud Services :: Operations: Marketplace, task)
Cloud Services
Operations: Marketplace
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 901035
People
(Reporter: cai.0407, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release)
Build ID: 20131118212339
Steps to reproduce:
connect to addons.mozilla.org
Actual results:
TLS connection is TLS 1.2, however, weak cipher suites are used.
AES suites are listed but have low priority.
SSL_RSA_WITH_RC4_128_MD5 (0x4) <- MD5 hash (obsoleted)
SSL_RSA_WITH_3DES_EDE_CBC_SHA (0xa) <- 3DES_EDE (112bit)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
Expected results:
Stronger cipher suites should be used like other mozilla.org servers.
For example, mozilla.org, bugzilla.mozilla.org, developer.mozilla.org, wiki.mozilla.org, and ftp.mozilla.org support TLS 1.1 (not 1.2) and these strong cipher suites (DHE_RSA_* suites have highest priority).
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
SSL_RSA_WITH_RC4_128_SHA (0x5)
Comment 1•12 years ago
|
||
Likely a dupe of bug 901035 but I'll leave it to ops to mark it.
Assignee: nobody → server-ops-amo
Component: Public Pages → Server Operations: AMO Operations
Product: addons.mozilla.org → mozilla.org
QA Contact: oremj
Version: unspecified → other
Reporter | ||
Comment 2•12 years ago
|
||
bug 901035? I cannot see that bug because of lack of permission.
Updated•12 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated•11 years ago
|
Component: Server Operations: AMO Operations → Operations: Marketplace
Product: mozilla.org → Mozilla Services
You need to log in
before you can comment on or make changes to this bug.
Description
•