Closed Bug 940831 Opened 11 years ago Closed 11 years ago

addons.mozilla.org should support stronger cipher suites

Categories

(Cloud Services :: Operations: Marketplace, task)

Product:
Cloud Services
Component:
Operations: Marketplace
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 901035

People

(Reporter: cai.0407, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release)
Build ID: 20131118212339

Steps to reproduce:

connect to addons.mozilla.org


Actual results:

TLS connection is TLS 1.2, however, weak cipher suites are used.
AES suites are listed but have low priority.

SSL_RSA_WITH_RC4_128_MD5 (0x4) <- MD5 hash (obsoleted)
SSL_RSA_WITH_3DES_EDE_CBC_SHA (0xa) <- 3DES_EDE (112bit)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)



Expected results:

Stronger cipher suites should be used like other mozilla.org servers.
For example, mozilla.org, bugzilla.mozilla.org, developer.mozilla.org, wiki.mozilla.org, and ftp.mozilla.org support TLS 1.1 (not 1.2) and these strong cipher suites (DHE_RSA_* suites have highest priority).

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
SSL_RSA_WITH_RC4_128_SHA (0x5)
Likely a dupe of bug 901035 but I'll leave it to ops to mark it.
Assignee: nobody → server-ops-amo
Component: Public Pages → Server Operations: AMO Operations
Product: addons.mozilla.org → mozilla.org
QA Contact: oremj
Version: unspecified → other
bug 901035? I cannot see that bug because of lack of permission.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Component: Server Operations: AMO Operations → Operations: Marketplace
Product: mozilla.org → Mozilla Services
You need to log in before you can comment on or make changes to this bug.