I've just tried sending a couple of tweets their way. Let's see if we're lucky and their support answers. For clarity, we're seeing multiple servers that appear to be from this same host provider that are effectively RC4-only. (supporting Camellia is novel, but absolutely nobody supports that) That's not good; an upgrade is needed. All browsers are phasing this out, and Firefox would like to do it ASAP. https://tools.ietf.org/html/rfc7465 At minimum, AES-CBC needs to be turned on. Ideally, ECDHE or DHE AES-GCM should be supported. General server TLS configuration recommendations from Mozilla: https://wiki.mozilla.org/Security/Server_Side_TLS

Looks like Bluehost fixed the server settings. Now TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled.

AES-GCM suites are also available, however their servers have CBC prioritized and negotiate it instead of GCM in Firefox, Chrome, IE, and Safari.