View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001303 | CATS.cacert.org | Other | public | 2014-09-07 15:10 | 2015-01-25 21:08 |
| Reporter | sebix | Assigned To | jandd | ||
| Priority | high | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | Main CAcert Website | OS | N/A | OS Version | stable |
| Product Version | production | ||||
| Fixed in Version | production | ||||
| Summary | 0001303: TLS of cats.cacert.org is weak and outdated | ||||
| Description | The supported Ciphers used include RC2, RC4, DES and DES40. The support for Forward Secrecy not complete. The used OpenSSL is vulnerable to CVE-2014-0224 (which does not mean it's attackable), so the lib hasn't been updated since mid of June 2014. For state-of-the-art crypto in TLS, I recommend using 'Applied Crypto Hardening' by https://bettercrypto.org | ||||
| Steps To Reproduce | Got to https://www.ssllabs.com/ssltest/analyze.html?d=cats.cacert.org or view encryption details otherwise | ||||
| Tags | No tags attached. | ||||
|
|
This needs to be handled by cats-admin@cacert.org and/or infrastructure-admin@cacert.org. |
|
|
Infrastructure sysadmins have corrected the SSL configuration of cats.cacert.org on October 21, 2014. The resulting system scores (aside from the trust issue) a quite positive result for the Qualys SSL Labs server test. The test report of Octobe 22, 2014 will be attached separately. |
|
|
|
|
|
See https://www.ssllabs.com/ssltest/analyze.html?d=cats.cacert.org Closed, thanks. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-09-07 15:10 | sebix | New Issue | |
| 2014-09-07 15:10 | sebix | Relationship added | child of 0001241 |
| 2014-10-22 13:17 | wytze | Note Added: 0005069 | |
| 2014-10-22 13:17 | wytze | Assigned To | => jandd |
| 2014-10-22 13:17 | wytze | Status | new => confirmed |
| 2014-10-22 13:19 | wytze | Note Added: 0005070 | |
| 2014-10-22 13:19 | wytze | Status | confirmed => solved? |
| 2014-10-22 13:19 | wytze | Fixed in Version | => production |
| 2014-10-22 13:19 | wytze | Resolution | open => fixed |
| 2014-10-22 13:20 | wytze | File Added: SSLLabsreport-cats.cacert.org-20141022.pdf | |
| 2015-01-25 21:08 | Mathias | Note Added: 0005277 | |
| 2015-01-25 21:08 | Mathias | Status | solved? => closed |
