Closed Bug 1136376 Opened 10 years ago Closed 10 years ago

23andme.com Secure Connection Failed: Error code: ssl_error_no_cypher_overlap

Categories

(Web Compatibility :: Desktop, defect)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: cpeterson, Unassigned)

https://www.ssllabs.com/ssltest/analyze.html?d=23andme.com

Protocols
TLS 1.2    No
TLS 1.1    No
TLS 1.0    Yes
SSL 3      No
SSL 2      No

Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_RSA_WITH_RC4_128_MD5 (0x4)    WEAK    128
TLS_RSA_WITH_RC4_128_SHA (0x5)    WEAK    128

Shouldn't this rather block bug 1124039? RC4-only site and only intolerant to TLS 1.3, 1.98, 2.98.
OS: Mac OS X → All
Hardware: x86 → All
Yes.
Blocks: 1124039
No longer blocks: TLS-Intolerance
No longer blocks: 1124039
Using 39.0a1... had to set 'security.tls.unrestricted_rc4_fallback' to 'true' for https://www.23andme.com to load
I e-mailed 23andme about this, and this is their response:

> Thank you for contacting the 23andMe Team. Other users contacted us with this same feedback
> for the Firefox browser. We appreciate you taking the time to contact us with this concern,
> and have forwarded your comments to the appropriate team. We are constantly monitoring the
> landscape of encryption protocols, including RC4 cipher protocols, as well as our security
> practices to ensure that our customer data is secure. We believe that RC4 use in the context
> of the 23andme.com web application is sufficiently mitigated to provide adequate level of
> protection for 23andMe customers at this time.

A rather disappointing response from a company that handles information as private as genetic data.
Fixed.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility