Point 1172 (ToS;DR Phoenix)

HTTP connections are upgraded to HTTPS. However, weak ciphers are supported.

Status: DECLINED

Case: none

Changes: 3

Source: link

Author: (deactivated) ⁽¹⁾ Suspended

Firefox.com is on the HTTP Strict Transport Security preload list, so all connections to this server will use HTTPS; clear HTTP will be upgraded. They also use HTTP Public Key Pinning for extra protection against man-in-the-middle attacks. However, as of January 2018, their Web server supports weak key exchanges (1024-bit DH parameters), making downgrade attacks possible.

Comments:

No comments found

We track editorial changes to analyses and updates to a point's status and display the previous versions here as part of an effort to promote transparency regarding our curation process.

Version 3: 2021-02-06 03:50:48 UTC by Deleted Suspended

Analysis updated

Previous Status: CHANGES REQUESTED

Updated Status: DECLINED

Version 2: 2018-08-29 11:18:57 UTC by michielbdejong ⁽⁶⁾ Suspended

Analysis updated

Previous Status: APPROVED

Updated Status: CHANGES REQUESTED

HTTP connections are upgraded to HTTPS. However, weak ciphers are supported.

Version 3: 2021-02-06 03:50:48 UTC by Deleted Suspended

Analysis updated

Version 2: 2018-08-29 11:18:57 UTC by michielbdejong (6) Suspended

Analysis updated

Version 1: 2021-02-06 03:50:48 UTC by chris (7) Suspended

Analysis updated

Version 2: 2018-08-29 11:18:57 UTC by michielbdejong ⁽⁶⁾ Suspended

Version 1: 2021-02-06 03:50:48 UTC by chris ⁽⁷⁾ Suspended