Friday, March 09, 2007

www.vodafone.net does not work with IE7 or FF2

Today I discovered that www.vodafone.net does not work with IE7 on Vista or FF2. It works OK in IE6. This is because the site uses 40 bit MD5 encryption which (along with 56 bit) has been discontinued in IE7 and FF2 because it is too insecure.

If you want to access the site you can use Firefox 2 and type about:config into the location bar and press enter. Find the setting security.ssl3.rsa_rc2_40_md5 and double-click on it to change its value to true.

I cannot find a solution for IE7 from the client end. Vodafone simply need to replace the totally insecure 40 bit encryption on their servers.

I cannot believe that Vodafone can run a 'secure' site that relies on obsolete 40 bit encryption.

1 comment:

Andrew Jones said...

I'm glad to note that Vodafone have updated their HTTPS security certificate so the site now works in IE7 on Vista.