Follow up with ISB on dev.bcregistry.ca security warning

[severinbeauvais]

Description:

When browsing to dev.bcregistry.ca/cooperatives using Firefox, a "Connection is Not Secure" icon is displayed in the URL, and the connection details describe "broken encryption" as per the following screenshot.

This is likely something that ISB needs to fix. This ticket is to follow up with ISB to get this fixed.

Dependencies
ISB needs to fix this.

Acceptance Criteria
No security warning (as described above).

Validation Rules
N/A

Ready to Build (DoR):

• Stakeholders have approved
• User story completed
• What are the dependencies
• Validation rules defined (UI, Data, Role-Action)
• Is a formal UAT required

Acceptance / DoD:

• Design / Solution accepted by Product Owner
• Acceptance criteria has been defined (happy path, known sad paths)
• Test coverage acceptable
• Peer Reviewed
• Accessibility reviewed and acceptable checklist
• UX Approved
• PR Accepted
• Production burn in completed

[JohnamLane]

Took a quick look in production and the warning doesn't show using Firefox.

[saravankumarpa]

@JohnamLane so can this be closed?

[JohnamLane]

I can confirm that Chrome doesn't show any warnings in prod either. Based on this info, a PO or a dev can confirm if this can be closed, or if any other investigation is needed. i personally don't know enough about this issue to confirm closing.

[severinbeauvais]

In ticket #2198, @WalterMoar wrote:

WAM has five tickets open for this, due to the variety of applications behind *.bcregistry.ca. To make it easier on WAM we're closing ours and letting Dave McKinnon deal with it, since he has the oldest servers hosting the highest profile applications.

Yes, it's due to both the TLS version, as well as the cipher suite in use). Chrome 81 (March 17) will not allow access to TLS1.0 and TLS1.1 sites. Likewise Firefox 74 (March 10).

So I'm closing this ticket.