[wp-trac] [WordPress Trac] #27607: Can't access some WordPress.com blogs, after disabling RC4 and AES-128
WordPress Trac
noreply at wordpress.org
Mon Mar 31 14:21:52 UTC 2014
#27607: Can't access some WordPress.com blogs, after disabling RC4 and AES-128
--------------------------+-----------------------------
Reporter: Ryuno-Ki | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.8
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
First, this is no security issue as stated in that
[https://make.wordpress.org/core/handbook/reporting-security-
vulnerabilities/ Security FAQ], since it does not involve instructions to
"hack" a blog.
Steps to reproduce:
Follow the tipps by Martin Grässlin as stated here:
http://www.bitblokes.de/2013/09/security-tipp-von-mr-kwin-martin-
graesslin-firefox-sicherer-machen/
that is, disabling RC4 and AES-128 keys in Firefox' about:config (Fx
v26-v28). The problem occurs on Sabayon Linux 64Bit and Ubuntu.
{{{
$ uname -a
Linux linux.local 3.13.0-sabayon #1 SMP Sun Mar 16 03:29:10 UTC 2014
x86_64 Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz GenuineIntel GNU/Linux
}}}
Expected behaviour
WordPress.com delivers content with higher encryption transport activated.
Actual behaviour
Some WordPress.com blogs aren't reachable anymore. Surfing on them raises
an page load error (Connection refused).
A reset to default values does not fix the issue. Only WordPress.com blogs
are affected. However, after upgrading Firefox to v28 I can reach at least
some WordPress.com blogs again.
I've already cleared cache and cookies with no effect.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27607>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list