AnsweredAssumed Answered

minor bug in RC4 message logic for TLS 1.0 only server

Question asked by Dave Garrett on Dec 4, 2014
Latest reply on Dec 5, 2014 by Ivan Ristić

So, T-Mobile fixed their site... again. (it had regressed) Now they're TLS 1.0 only instead of SSL3 only. In reading the full report, I found a minor bug in the "Protocol Details" section. It says:

RC4      Yes (not with TLS 1.1 and newer) (more info)

The server does not support TLS 1.1 or newer, so that parenthetical is not relevant. I think that's in there for cases where a server supports RC4 but only on old versions of TLS for backwards compatibility. In this case that's all there is, so it should just say "Yes" in orange like the other issues.

Outcomes