View Issue Details

IDProjectCategoryView StatusLast Update
0001303CATS.cacert.orgOtherpublic2015-01-25 21:08
ReportersebixAssigned Tojandd 
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
PlatformMain CAcert WebsiteOSN/AOS Versionstable
Product Versionproduction 
Target VersionFixed in Versionproduction 
Summary0001303: TLS of cats.cacert.org is weak and outdated
DescriptionThe supported Ciphers used include RC2, RC4, DES and DES40. The support for Forward Secrecy not complete. The used OpenSSL is vulnerable to CVE-2014-0224 (which does not mean it's attackable), so the lib hasn't been updated since mid of June 2014.

For state-of-the-art crypto in TLS, I recommend using 'Applied Crypto Hardening' by https://bettercrypto.org
Steps To ReproduceGot to https://www.ssllabs.com/ssltest/analyze.html?d=cats.cacert.org or view encryption details otherwise
TagsNo tags attached.

Relationships

child of 0001241 needs feedbackjandd Main CAcert Website cacert.org SSL/TLS configuration is bad on many levels 

Activities

wytze

2014-10-22 13:17

developer   ~0005069

This needs to be handled by cats-admin@cacert.org and/or infrastructure-admin@cacert.org.

wytze

2014-10-22 13:19

developer   ~0005070

Infrastructure sysadmins have corrected the SSL configuration of cats.cacert.org on October 21, 2014. The resulting system scores (aside from the trust issue) a quite positive result for the Qualys SSL Labs server test. The test report of Octobe 22, 2014 will be attached separately.

wytze

2014-10-22 13:20

developer  

SSLLabsreport-cats.cacert.org-20141022.pdf (112,991 bytes)

Mathias

2015-01-25 21:08

reporter   ~0005277

See https://www.ssllabs.com/ssltest/analyze.html?d=cats.cacert.org

Closed, thanks.

Issue History

Date Modified Username Field Change
2014-09-07 15:10 sebix New Issue
2014-09-07 15:10 sebix Relationship added child of 0001241
2014-10-22 13:17 wytze Note Added: 0005069
2014-10-22 13:17 wytze Assigned To => jandd
2014-10-22 13:17 wytze Status new => confirmed
2014-10-22 13:19 wytze Note Added: 0005070
2014-10-22 13:19 wytze Status confirmed => solved?
2014-10-22 13:19 wytze Fixed in Version => production
2014-10-22 13:19 wytze Resolution open => fixed
2014-10-22 13:20 wytze File Added: SSLLabsreport-cats.cacert.org-20141022.pdf
2015-01-25 21:08 Mathias Note Added: 0005277
2015-01-25 21:08 Mathias Status solved? => closed