HTTP connections are upgraded to HTTPS. However, weak ciphers are supported.


Status: DECLINED
Case: none
Changes: 3
Source: link
Author: (deactivated) (1) Suspended


Firefox.com is on the HTTP Strict Transport Security preload list, so all connections to this server will use HTTPS; clear HTTP will be upgraded. They also use HTTP Public Key Pinning for extra protection against man-in-the-middle attacks. However, as of January 2018, their Web server supports weak key exchanges (1024-bit DH parameters), making downgrade attacks possible.


Comments:
No comments found


We track editorial changes to analyses and updates to a point's status and display the previous versions here as part of an effort to promote transparency regarding our curation process.

Version 3: 2021-02-06 03:50:48 UTC by Deleted Suspended

Previous Title: No changes recorded

Updated Title: No changes recorded

Previous Analysis: No changes recorded

Updated Analysis: No changes recorded

Previous Status: CHANGES REQUESTED

Updated Status: DECLINED

Version 2: 2018-08-29 11:18:57 UTC by michielbdejong (6) Suspended

Previous Title: No changes recorded

Updated Title: No changes recorded

Previous Analysis: No changes recorded

Updated Analysis: No changes recorded

Previous Status: APPROVED

Updated Status: CHANGES REQUESTED

Version 1: 2021-02-06 03:50:48 UTC by chris (7) Suspended

Previous Title: No changes recorded

Updated Title: No changes recorded

Previous Analysis: No changes recorded

Updated Analysis: No changes recorded

Previous Status: No changes recorded

Updated Status: No changes recorded