HTTP connections are upgraded to HTTPS. However, weak ciphers are supported.


Status: DECLINED
Case: none
Changes: 3
Source: link
Author: (deactivated)


Firefox.com is on the HTTP Strict Transport Security preload list, so all connections to this server will use HTTPS; clear HTTP will be upgraded. They also use HTTP Public Key Pinning for extra protection against man-in-the-middle attacks. However, as of January 2018, their Web server supports weak key exchanges (1024-bit DH parameters), making downgrade attacks possible.


Comments:
On 2018-08-29 11:18:57 UTC, michielbdejong Staff wrote:

changes-requested: Please edit this point to select a case from https://edit.tosdr.org/cases/

On 2021-02-06 03:50:48 UTC, System Bot wrote:

DECLINED
Point automatically declined as no activity have been monitored over a course of 2 months



We track editorial changes to analyses and updates to a point's status and display the previous versions here as part of an effort to promote transparency regarding our curation process.

Version 1: 2021-02-06 03:50:48 UTC by Deleted

Previous Title: No changes recorded

Updated Title: No changes recorded

Previous Analysis: No changes recorded

Updated Analysis: No changes recorded

Previous Status: CHANGES REQUESTED

Updated Status: DECLINED

Version 2: 2018-08-29 11:18:57 UTC by michielbdejong Staff

Previous Title: No changes recorded

Updated Title: No changes recorded

Previous Analysis: No changes recorded

Updated Analysis: No changes recorded

Previous Status: APPROVED

Updated Status: CHANGES REQUESTED

Version 3: 2021-02-06 03:50:48 UTC by chris Staff

Previous Title: No changes recorded

Updated Title: No changes recorded

Previous Analysis: No changes recorded

Updated Analysis: No changes recorded

Previous Status: No changes recorded

Updated Status: No changes recorded