View Issue Details

ID: 0001346
Project: Main CAcert Website
Category: misc
View Status: public
Last Update: 2015-01-25 20:29
Reporter: Mathias
Assigned To: jandd
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2014 Q4
Target Version: 2014 Q4
Fixed in Version:
Summary: 0001346: irc.cacert.org SSL/TLS configuration rated grade F on SSL Labs.

Description:

Hi!

SSL/TLS issues on irc.cacert.org:
- SSLv3 enabled (POODLE)
- RC4 enabled
- OpenSSL CCS vulnerable (CVE-2014-0224)

In short: very, very bad :-(

Please see
https://lists.cacert.org/wws/arc/cacert-sysadm/2014-12/msg00000.html

Thanks for looking into this issue.

Mathias
Tags: No tags attached.
Reviewed by:
Test Instructions:

Relationships

child of 0001241 (needs feedback, jandd): cacert.org SSL/TLS configuration is bad on many levels

Activities

Mathias

2014-12-14 11:51

reporter  

SSL_Labs-irc.cacer.org-grade_F-20141214.pdf (170,588 bytes)

jandd

2014-12-23 21:40

administrator   ~0005196

started work

jandd

2014-12-23 22:14

administrator  

_irc_cacert.pdf (686,275 bytes)

jandd

2014-12-23 22:14

administrator   ~0005198

configured lighttpd to get a grade A

jandd

2014-12-23 22:33

administrator   ~0005199

oftc-ircd has only crappy configurability; I found no way to set up proper TLS protocols and ciphersuites for ircd

Mathias

2015-01-25 17:31

reporter   ~0005267

Hm, oftc-ircd (or some other ircd) possibly needs some further examination.
Closed, thanks.

BenBE

2015-01-25 20:29

updater   ~0005275

@jandd: There's a wrapper for OpenSSL to enforce parameters from outside. Can post you links if interested. Works as LD_PRELOAD.

Issue History

Date Modified Username Field Change
2014-12-14 11:51 Mathias New Issue
2014-12-14 11:51 Mathias File Added: SSL_Labs-irc.cacer.org-grade_F-20141214.pdf
2014-12-14 11:57 Mathias Relationship added child of 0001241
2014-12-23 20:18 BenBE Assigned To => jandd
2014-12-23 20:18 BenBE Status new => needs work
2014-12-23 20:18 BenBE Product Version => 2014 Q4
2014-12-23 20:18 BenBE Target Version => 2014 Q4
2014-12-23 21:40 jandd Note Added: 0005196
2014-12-23 21:40 jandd Status needs work => confirmed
2014-12-23 22:14 jandd File Added: _irc_cacert.pdf
2014-12-23 22:14 jandd Note Added: 0005198
2014-12-23 22:33 jandd Note Added: 0005199
2014-12-23 22:33 jandd Status confirmed => solved?
2014-12-23 22:33 jandd Resolution open => fixed
2015-01-25 17:31 Mathias Note Added: 0005267
2015-01-25 17:31 Mathias Status solved? => closed
2015-01-25 20:29 BenBE Note Added: 0005275