View Issue Details

IDProjectCategoryView StatusLast Update
0001342Main CAcert Websitepublic2014-12-14 11:37
ReporterMathiasAssigned To 
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version 
Target VersionFixed in Version 
Summary0001342: wiki.cacert.org still offers SSLv3
DescriptionHi!

As of today and after the update on Dec 1, wiki.cacert.org still offers SSLv3 and therefore is still vulnerable to the POODLE attack. Has this server be forgotten?

Thanks for looking into this.

Mathias
Additional Information- https://www.ssllabs.com/ssltest/analyze.html?d=wiki.cacert.org
- https://wiki.cacert.org/SSLScanner
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

child of 0001241 needs feedbackjandd cacert.org SSL/TLS configuration is bad on many levels 

Activities

Mathias

2014-12-11 16:40

reporter   ~0005164

This issue seems to be related to 0001341. (Because of missing permissions I cannot enter this relationship in Mantis.)

sebix

2014-12-14 10:39

reporter   ~0005170

Checking it today shows a very good rating for wiki.cacert.org, it's supporting TLS only. I guess this has been solved meanwhile?

Mathias

2014-12-14 11:36

reporter   ~0005172

Yes, I can confirm this for wiki.cacert.org as an external user doing some checks and scans. It seems that the mail of Wytze van der Raay on cacert-sysadm@lists.cacert.org yesterday [1] was successfull. Although there are still some open issues :-(

I try to close this issue (and I hope it will work).

[1] https://lists.cacert.org/wws/arc/cacert-sysadm/2014-12/msg00000.html

Mathias

2014-12-14 11:37

reporter   ~0005173

Scanning wiki.cacert.org on 14 Dec 2014 caused no further problems.

Issue History

Date Modified Username Field Change
2014-12-11 16:37 Mathias New Issue
2014-12-11 16:38 Mathias Relationship added child of 0001241
2014-12-11 16:40 Mathias Note Added: 0005164
2014-12-14 10:39 sebix Note Added: 0005170
2014-12-14 11:36 Mathias Note Added: 0005172
2014-12-14 11:37 Mathias Note Added: 0005173
2014-12-14 11:37 Mathias Status new => closed
2014-12-14 11:37 Mathias Resolution open => fixed