Closed
Bug 940831
Opened 11 years ago
Closed 11 years ago
addons.mozilla.org should support stronger cipher suites
Categories
(Cloud Services :: Operations: Marketplace, task)
Cloud Services
Operations: Marketplace
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 901035
People
(Reporter: cai.0407, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release) Build ID: 20131118212339 Steps to reproduce: connect to addons.mozilla.org Actual results: TLS connection is TLS 1.2, however, weak cipher suites are used. AES suites are listed but have low priority. SSL_RSA_WITH_RC4_128_MD5 (0x4) <- MD5 hash (obsoleted) SSL_RSA_WITH_3DES_EDE_CBC_SHA (0xa) <- 3DES_EDE (112bit) TLS_RSA_WITH_AES_256_CBC_SHA (0x35) TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) Expected results: Stronger cipher suites should be used like other mozilla.org servers. For example, mozilla.org, bugzilla.mozilla.org, developer.mozilla.org, wiki.mozilla.org, and ftp.mozilla.org support TLS 1.1 (not 1.2) and these strong cipher suites (DHE_RSA_* suites have highest priority). TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) TLS_RSA_WITH_AES_256_CBC_SHA (0x35) SSL_RSA_WITH_RC4_128_SHA (0x5)
Comment 1•11 years ago
|
||
Likely a dupe of bug 901035 but I'll leave it to ops to mark it.
Assignee: nobody → server-ops-amo
Component: Public Pages → Server Operations: AMO Operations
Product: addons.mozilla.org → mozilla.org
QA Contact: oremj
Version: unspecified → other
Reporter | ||
Comment 2•11 years ago
|
||
bug 901035? I cannot see that bug because of lack of permission.
Updated•11 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Updated•10 years ago
|
Component: Server Operations: AMO Operations → Operations: Marketplace
Product: mozilla.org → Mozilla Services
You need to log in
before you can comment on or make changes to this bug.
Description
•