View Issue Details

ID: 0001370
Project: Infrastructure
Category: general
View Status: public
Last Update: 2015-02-08 09:23
Reporter: Mathias
Assigned To:
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Summary: 0001370: jenkins.cacert.org SSL/TLS configuration rated grade C on SSL Labs
Description:
Hi!

On the new server jenkins.cacert.org there are several TLS/SSL issues:
- SSLv3 enabled (vulnerable to POODLE)
- RC4 enabled

In short, the situation is very bad :-(

Please see
https://lists.cacert.org/wws/arc/cacert-sysadm/2014-12/msg00000.html

Thanks for looking into this issue.

Kind regards
Mathias
Tags: No tags attached.

Relationships

child of 0001241 needs feedback jandd Main CAcert Website cacert.org SSL/TLS configuration is bad on many levels

Activities

Mathias

2015-02-07 20:45

reporter  

SSL_Labs-jenkins.cacert.org-grade_C-20150207.pdf (104,164 bytes)

jandd

2015-02-07 22:01

administrator   ~0005308

jenkins is proxied via web.cacert.org aka www.cacert.eu, TLS is terminated at web.cacert.org and must be fixed there

jandd

2015-02-07 22:12

administrator   ~0005309

fixed Apache config on web.cacert.org:

SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES:!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3

we now get an A result (besides trust issues) for the VirtualHosts located there

https://www.ssllabs.com/ssltest/analyze.html?d=cacert.eu
https://www.ssllabs.com/ssltest/analyze.html?d=jenkins.cacert.org
https://www.ssllabs.com/ssltest/analyze.html?d=funding.cacert.org
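
A static check for the two problems named in this issue (SSLv3 and RC4), added here as an example; it is not part of the issue notes or of CAcert's tooling. The "before" sample is constructed, and the expansion of `all` is an assumption modelled on older mod_ssl builds. It reads configuration text only and does not replace a handshake test such as the SSL Labs scans linked above.

```python
# Assumption: "all" expands as on older mod_ssl builds that still shipped SSLv2/SSLv3.
ALL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
KNOWN = {p.lower(): p for p in ALL | {"TLSv1.3"}}

def enabled_protocols(value):
    """Evaluate SSLProtocol left to right: +x adds, -x removes, a bare x replaces."""
    enabled = set()
    for token in value.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[len(action):].lower()
        chosen = set(ALL) if name == "all" else {KNOWN[name]} if name in KNOWN else set()
        if action == "-":
            enabled -= chosen
        elif action == "+":
            enabled |= chosen
        else:
            enabled = chosen
    return enabled

def rc4_excluded(cipher_string):
    """True only when a '!RC4' element removes RC4 permanently from the list."""
    return "!RC4" in cipher_string.replace(",", ":").replace(" ", ":").split(":")

def audit(config_text):
    """Return findings for the two problems named in the issue: SSLv3 and RC4."""
    directives = {}
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            directives[parts[0].lower()] = parts[1].strip().strip('"')  # last one wins
    findings = []
    if "sslprotocol" not in directives:
        findings.append("SSLProtocol not set: the build default applies")
    else:
        for proto in sorted(enabled_protocols(directives["sslprotocol"]) & {"SSLv2", "SSLv3"}):
            findings.append(proto + " is enabled")
    if not rc4_excluded(directives.get("sslciphersuite", "")):
        findings.append("RC4 is not excluded with !RC4")
    return findings

# Constructed "before" sample; the issue does not show the old configuration.
BEFORE = "SSLProtocol all -SSLv2\nSSLCipherSuite ALL:!aNULL:!eNULL\n"
# The three directives posted in note ~0005309.
AFTER = """SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES:!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text) or "no findings")
```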

Mathias

2015-02-08 09:23

reporter   ~0005312

Checked {funding,jenkins}.cacert.org and cacert.eu. So this issue can be closed. Thanks.

Issue History

Date Modified Username Field Change
2015-02-07 20:45 Mathias New Issue
2015-02-07 20:45 Mathias Assigned To => jandd
2015-02-07 20:45 Mathias File Added: SSL_Labs-jenkins.cacert.org-grade_C-20150207.pdf
2015-02-07 20:46 Mathias Relationship added child of 0001241
2015-02-07 22:01 jandd Note Added: 0005308
2015-02-07 22:12 jandd Note Added: 0005309
2015-02-07 22:12 jandd Status new => needs review & testing
2015-02-07 22:13 jandd Assigned To jandd =>
2015-02-08 09:23 Mathias Note Added: 0005312
2015-02-08 09:23 Mathias Status needs review & testing => closed
2015-02-08 09:23 Mathias Resolution open => fixed