Closed
Bug 842055
Opened 12 years ago
Closed 12 years ago
Everything.me API is vulnerable to BEAST attack
Categories
(Firefox OS Graveyard :: Gaia::Everything.me, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: st3fan, Assigned: ranbena)
Details
See output of the TestSSLServer application that scans for the BEAST and CRIME vulnerabilities. This can be fixed by using the appropriate SSL server settings.
I think this is important to fix as the everything.me API is used to deliver essential content to the application.
% java -jar TestSSLServer.jar api.everything.me 443
Supported versions: SSLv3 TLSv1.0
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
SSLv3
RSA_WITH_RC4_128_MD5
RSA_WITH_RC4_128_SHA
RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
(TLSv1.0: idem)
----------------------
Server certificate(s):
49b2a1870e273722967205a1a3a1c300635ed4d1: CN=*.everything.me, OU=IT, O=DoAT Media Ltd., L=Tel Aviv, ST=Isael, C=IL, SERIALNUMBER=hfQS-TOEDJ3nn45fu-d0Uywh2r2mfogU
----------------------
Minimal encryption strength: strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)
BEAST status: vulnerable
CRIME status: protected
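An added example, not part of the original report or of TestSSLServer: a small parser for the tool output above that lists the CBC cipher suites offered under SSLv3 and TLSv1.0, the protocol versions BEAST applies to. The function names are hypothetical, and the embedded sample is the report's own output with the certificate section left out.

```python
import re

# Tool output copied from the report above (certificate section omitted).
REPORT = """\
Supported versions: SSLv3 TLSv1.0
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
  SSLv3
     RSA_WITH_RC4_128_MD5
     RSA_WITH_RC4_128_SHA
     RSA_WITH_3DES_EDE_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA
     RSA_WITH_AES_256_CBC_SHA
  (TLSv1.0: idem)
----------------------
BEAST status: vulnerable
CRIME status: protected
"""

# BEAST depends on the predictable CBC IVs of these protocol versions.
BEAST_VERSIONS = {"SSLv3", "TLSv1.0"}
VERSION = re.compile(r"^(SSLv[23]|TLSv1\.[0-3])$")
IDEM = re.compile(r"^\((SSLv[23]|TLSv1\.[0-3]): idem\)$")
SUITE = re.compile(r"^[A-Z0-9]+(_[A-Z0-9]+)+$")

def parse_suites(text):
    """Map each protocol version to the cipher suites listed for it."""
    suites, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        idem = IDEM.match(line)
        if VERSION.match(line):
            current = line
            suites[current] = []
        elif idem:
            # "idem": same suite list as the version block just before it.
            suites[idem.group(1)] = list(suites.get(current, []))
            current = idem.group(1)
        elif line.startswith("-"):
            current = None  # separator ends the cipher suite section
        elif current and SUITE.match(line):
            suites[current].append(line)
    return suites

def beast_exposure(text):
    """Return {version: [CBC suites]} for the versions BEAST applies to."""
    cbc = {v: [s for s in ss if "_CBC_" in s] for v, ss in parse_suites(text).items()}
    return {v: ss for v, ss in cbc.items() if v in BEAST_VERSIONS and ss}

def tool_verdicts(text):
    return dict(re.findall(r"^(BEAST|CRIME) status: (\w+)$", text, re.M))
```

An empty result from `beast_exposure` means no CBC suites were listed for SSLv3 or TLSv1.0 in the scanned output.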
Assignee
Updated • 12 years ago
Assignee: nobody → ran
Assignee
Updated • 12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX