Closed
Bug 1117157
Opened 10 years ago
Closed 9 years ago
soeasy.sodexo.be is TLS 1.1/1.2 intolerant and is RC4/Export Suites only
Categories
(Web Compatibility :: Desktop, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: nightly-win.maricau, Unassigned)
Attachments
(5 files)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
Build ID: 2014112600
Steps to reproduce:
Using Firefox 037.01a on WIN7 I'm accessing this encrypted page:
http://soeasy.sodexo.be/ServiceVouchers/
(Which is automatically redirected to the https://)
or directly the secured page:
https://soeasy.sodexo.be/ServiceVouchers/
Actual results:
No access, and it says: Your connection to this site is not encrypted.
What's happening?
Expected results:
Normal access to the page like with other browsers on the same OS or others too (Firefox & Konqueror on openSUSE 13.2 x64)
Reporter
Comment 1•10 years ago
Reporter
Comment 2•10 years ago
Reporter
Comment 3•10 years ago
Reporter
Comment 4•10 years ago
Reporter
Updated•10 years ago
Summary: ssl cert is valid but it appear "This website does not supply ownership information" for firefox x64 on windows 37.0a1 version Win → ssl cert is valid but i have no access to the site with firefox x64 version 37.0a1 on windows 7
Comment 5•10 years ago
The server's SSL/TLS configuration is severely broken.
https://www.ssllabs.com/ssltest/analyze.html?d=soeasy.sodexo.be
It is TLS version 1.1+ intolerant and only uses RC4 or EXPORT ciphers. SSL 3 is still supported and insecure renegotiation is supported.
This might be a dupe of bug 1116891, however if I test it in a new profile in Aurora it works. It fails to load in a new profile in Nightly.
Hardware: x86_64 → All
Reporter
Comment 6•10 years ago
Hi Dave Garrett,
I think you're partly right, because Nightly 37.0a1 has the same result when accessing these sites from the bug you mentioned, https://bugzilla.mozilla.org/show_bug.cgi?id=1116891
https://airportwifi.com/
https://cart.pcpitstop.com/
https://books.wwnorton.com/
The result is like the one I have when accessing https://soeasy.sodexo.be/ServiceVouchers/
But I don't know if it's the same reason.
But bug 1116891 also affects Nightly 37.0a1 x64 on Windows 7!
The site is not mine, thus I can't make any changes to the server. Regarding the SSL/TLS configuration of the server, I can't do anything other than inform the company that its SSL/TLS configuration is severely broken.
Hardware: All → x86_64
Reporter
Updated•10 years ago
OS: Linux → Windows 7
Reporter
Updated•10 years ago
OS: Windows 7 → All
Updated•10 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Version: 37 Branch → unspecified
Comment 7•10 years ago
(In reply to nightly-win.maricau from comment #6)
> The site is not mine, thus I can't make any changes to the server. Regarding
> the SSL/TLS configuration of the server, I can't do anything other than
> inform the company that its SSL/TLS configuration is severely broken.
Your current workaround is adding "soeasy.sodexo.be" to "security.tls.insecure_fallback_hosts" from about:config. We will add the domain to the default whitelist if the site is not fixed by the time we ship Firefox 37.
Blocks: TLS-Intolerance
Comment 8•10 years ago
(In reply to Dave Garrett from comment #5)
> The server's SSL/TLS configuration is severely broken.
> https://www.ssllabs.com/ssltest/analyze.html?d=soeasy.sodexo.be
>
> It is TLS version 1.1+ intolerant and only uses RC4 or EXPORT ciphers. SSL 3
> is still supported and insecure renegotiation is supported.
>
> This might be a dupe of bug 1116891, however if I test it in a new profile
> in Aurora it works. It fails to load in a new profile in Nightly.
Ah, the server is the obsolete Microsoft-IIS/5.0.
Comment 9•10 years ago
Though even IIS 5.0 is not version intolerant, so it is probably a load balancer.
Comment 10•10 years ago
(Changing summary for easier tracking)
Summary: ssl cert is valid but i have no access to the site with firefox x64 version 37.0a1 on windows 7 → soeasy.sodexo.be is TLS 1.1/1.2 intolerant and is RC4/Export Suites only
Updated•10 years ago
Blocks: RC4-Dependence
Hardware: x86_64 → All
Assignee
Updated•6 years ago
Product: Tech Evangelism → Web Compatibility
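Comments 5 and 9 turn on the difference between a server that merely lacks TLS 1.1/1.2 and one that is intolerant of being offered them. The following is an added example, not code from this bug or from Firefox: `probe`, `classify`, `scan` and the two sample result sets are assumptions constructed for illustration, showing how handshake attempts at different maximum versions separate the two cases.

```python
import socket
import ssl

# Offers to try, lowest first. Names match what SSLSocket.version() returns.
OFFERS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}
ORDER = list(OFFERS)

def probe(host, max_version, port=443, timeout=5.0):
    """Offer at most max_version; return the negotiated version or None on failure.
    Caveat: a local OpenSSL that refuses legacy versions or ciphers also yields None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # the handshake is under test, not the certificate
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.maximum_version = max_version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except OSError:              # ssl.SSLError is a subclass of OSError
        return None

def classify(results):
    """results maps each offered maximum to the negotiated version (or None).
    Returns (verdict, highest offer that completed a handshake)."""
    ok = [v for v in ORDER if results.get(v)]
    if not ok:
        return ("no-handshake", None)
    top_ok = ok[-1]
    rejected = [v for v in ORDER[ORDER.index(top_ok) + 1:]
                if v in results and results[v] is None]
    # A tolerant server answers a higher offer by negotiating down; an
    # intolerant one fails the handshake as soon as the offer exceeds its own.
    return ("version-intolerant" if rejected else "tolerant", top_ok)

def scan(host):
    return classify({name: probe(host, v) for name, v in OFFERS.items()})

# Constructed results (not real scans): the behaviour comment 5 describes,
# and an old server that only speaks TLS 1.0 but negotiates down correctly.
INTOLERANT = {"TLSv1": "TLSv1", "TLSv1.1": None, "TLSv1.2": None}
OLD_TOLERANT = {"TLSv1": "TLSv1", "TLSv1.1": "TLSv1", "TLSv1.2": "TLSv1"}

if __name__ == "__main__":
    print(classify(INTOLERANT), classify(OLD_TOLERANT))
```

A `version-intolerant` verdict is only trustworthy when the probing client can itself speak the lower version and a cipher the server accepts; otherwise every offer fails and the result is `no-handshake`.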