View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001370 | Infrastructure | general | public | 2015-02-07 20:45 | 2015-02-08 09:23 |
Reporter | Mathias | Assigned To | |||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Summary | 0001370: jenkins.cacert.org SSL/TLS configuration rated grade C on SSL Labs | ||||
Description | Hi! On the new server jenkins.cacert.org there are several TLS/SSL issues: - SSLv3 enabled (vulnerable to POODLE) - RC4 enabled For short, the situation is very bad :-( Please see https://lists.cacert.org/wws/arc/cacert-sysadm/2014-12/msg00000.html [^] Thanks for looking into this issue. Kind regards Mathias | ||||
Tags | No tags attached. | ||||
|
|
|
jenkins is proxied via web.cacert.org aka www.cacert.eu, TLS is terminated at web.cacert.org and must be fixed there |
|
fixed Apache config on web.cacert.org: SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES:!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL SSLHonorCipherOrder on SSLProtocol all -SSLv2 -SSLv3 we now get an A result (besides trust issues) for the VirtualHosts located there https://www.ssllabs.com/ssltest/analyze.html?d=cacert.eu https://www.ssllabs.com/ssltest/analyze.html?d=jenkins.cacert.org https://www.ssllabs.com/ssltest/analyze.html?d=funding.cacert.org |
|
Checked {funding,jenkins}.cacert.org and cacert.eu. So this issue can be closed. Thanks. |
Date Modified | Username | Field | Change |
---|---|---|---|
2015-02-07 20:45 | Mathias | New Issue | |
2015-02-07 20:45 | Mathias | Assigned To | => jandd |
2015-02-07 20:45 | Mathias | File Added: SSL_Labs-jenkins.cacert.org-grade_C-20150207.pdf | |
2015-02-07 20:46 | Mathias | Relationship added | child of 0001241 |
2015-02-07 22:01 | jandd | Note Added: 0005308 | |
2015-02-07 22:12 | jandd | Note Added: 0005309 | |
2015-02-07 22:12 | jandd | Status | new => needs review & testing |
2015-02-07 22:13 | jandd | Assigned To | jandd => |
2015-02-08 09:23 | Mathias | Note Added: 0005312 | |
2015-02-08 09:23 | Mathias | Status | needs review & testing => closed |
2015-02-08 09:23 | Mathias | Resolution | open => fixed |