SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

Matthew Huff mhuff at ox.com
Thu Jul 16 15:45:20 UTC 2015


Just ran into this issue this morning. The SEC requires companies to file EDGAR reports on https://edgarfiling.sec.gov. The newer versions of Firefox won't let you access the webpages without manually going into about:config and re-enabling the weak ciphers. Given the recent issue with the OPM, I would think this would be a very bad follow-up if the SEC got hacked.

SSLLabs gives the website an "F". IE 11 won't work either (for other reasons).  https://www.ssllabs.com/ssltest/analyze.html?d=edgarfiling.sec.gov

The website looks like it was designed in the '90s. I've tried to reach out to their contacts (webmaster, oig, etc...) but haven't gotten a reply yet. It's possible that I might get a reply eventually, but does anyone have any direct contacts at the SEC?


----
Matthew Huff             | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC       | Phone: 914-460-4039
aim: matthewbhuff        | Fax:   914-694-5669




More information about the NANOG mailing list