View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001241 | Main CAcert Website | misc | public | 2014-01-27 12:41 | 2020-06-27 12:18 |
Reporter | hanno | Assigned To | jandd | ||
Priority | high | Severity | major | Reproducibility | always |
Status | solved? | Resolution | reopened | ||
Summary | 0001241: cacert.org SSL/TLS configuration is bad on many levels | ||||
Description | I just had a look how the cacert.org webpage performs in its SSL/TLS-Settings. See the Qualys SSL test: https://www.ssllabs.com/ssltest/analyze.html?d=cacert.org It's very bad. Issues that should be adressed: * It doesn't support TLS 1.1 and TLS 1.2. There have been various issues with older TLS versions due to the crappy way it combines CBC and MAC, so everyone these days recommends to support TLS 1.2 with GCM. * It uses RC4 and MD5 as it's first cipher. RC4 should be avoided and MD5 has been extremely broken for a very very long time. * It doesn't ship the class3 as a certificate chain, so people importing the cacert root in their browser will still not see the page cert as valid. * Only very limited support for Perfect Forward Secrecy. * DH key exchange with 1024 bit only. I can give more details and explanations for each of those issues if needed. | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
Reviewed by | |||||
Test Instructions | |||||
parent of | 0001303 | closed | jandd | CATS.cacert.org | TLS of cats.cacert.org is weak and outdated |
parent of | 0001314 | closed | wytze | Main CAcert Website | SSL/TLS support for SSL3 protocol and 3DES cipher suite should be disabled |
parent of | 0001342 | closed | Main CAcert Website | wiki.cacert.org still offers SSLv3 | |
parent of | 0001346 | closed | jandd | Main CAcert Website | irc.cacert.org SSL/TLS configuration rated grade F on SSL Labs. |
parent of | 0001347 | closed | jandd | Main CAcert Website | list.cacert.org SSL/TLS configuration rated grade F on SSL Labs |
parent of | 0001348 | closed | jandd | Main CAcert Website | svn.cacert.org SSL/TLS configuration rated grade B on SSL Labs |
parent of | 0001349 | closed | NEOatNHNG | Infrastructure | board.cacert.org SSL/TLS configuration rated grade C on SSL Labs |
parent of | 0001350 | solved? | jandd | Main CAcert Website | {community,email}.cacert.org SSL/TLS configuration rated grade F on SSL Labs |
parent of | 0001351 | closed | jandd | Main CAcert Website | {community,email}.cacert.org SSL/TLS configuration for SMTP is completely insecure |
parent of | 0001352 | closed | jandd | Main CAcert Website | list.cacert.org SSL/TLS configuration for SMTP is completely insecure |
parent of | 0001353 | closed | NEOatNHNG | translations.cacert.org | {l10,translations}.cacert.org SSL/TLS configuration rated grade C on SSL Labs |
parent of | 0001370 | closed | Infrastructure | jenkins.cacert.org SSL/TLS configuration rated grade C on SSL Labs | |
related to | 0001262 | closed | wytze | Main CAcert Website | SslLabs B rating (if trust issues are ignored) for cacert.org SSL/TLS setup |
related to | 0001301 | closed | NEOatNHNG | Main CAcert Website | sanitizeHTML function converts input which contains non-ascii characters to an empty string |
|
Cipher suite configuration should probably changed to something like # CAcert cipher suite configuration SSLHonorCipherOrder on SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:+3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL That doesn't solve the TLS 1.1/1.2 issue, that needs a system upgrade. The class3 certificate is not needed in the chain because the certificate is directly signed by the root. DH keys with more than 1024 bit are only available in Apache >=2.4.7. Otherwise we would need to patch it ourselves and I wouldn't go down that road right now. That's why in the above cipher spec ECDH is preferred over DH because there the EC key size offers more security than 1024 bit DH. Once Apache 2.4.7 is deployed we should probably switch those because of some uncertainties in EC. |
|
New cipher suite configuration was deployed. More ciphers will be available after system update. |
|
I'm surprised that this has been closed as most issues I mentioned are not fixed at all. Also, it seems currently the webpage is vulnerable to the CCS injection bug. (it is not THAT severe, because the known attacks only affect newer openssl-versions, but still Adam Langley pointed out that there are likely other attacks without that limitation). |
|
cats.cacert.org has an F-rating: https://www.ssllabs.com/ssltest/analyze.html?d=cats.cacert.org And uses an outdated OpenSSL-Version from prior to June 2014 (nearly 3 full months ago!), as it's affected by CVE-2014-0224. It includes ciphers like RC2, RC4, DES, DES40. secure.cacert.org and ocsp.cacert.org only provide up to TLS1.0: https://www.ssllabs.com/ssltest/analyze.html?d=secure.cacert.org https://www.ssllabs.com/ssltest/analyze.html?d=ocsp.cacert.org infrastructure.cacert.org uses a cert for monitor.cacert.org finance.cacert.org uses a cert from board.cacert.org For state-of-the-art crypto in TLS I recommend using 'Applied Crypto Hardening' by https://bettercrypto.org CaCert is a showcase project on how crypto should be done and represents an important part of the Web of trust. On the other hand it uses vulnerable and weak crypto on some subdomains. |
|
Please note that this bug primarily concerns www.cacert.org and secure.cacert.org. For these services, we are waiting on the approval of a fairly trivial application bug fix, after which we can re-do the upgrade of the chroot OS environment to Debian Wheezy -- including *much* better openssl support, which will make a considerable rating difference. Still, even without that upgrade, the current SSL Labs rating of these services is "B" when we disregard the trust issue -- an issue, which can only be resolved by getting the CAcert root certificate included in major browser distributions. For ocsp.cacert.org, SSL is fairly unimportant: we are receiving ZERO real OCSP requests over SSL (https). The https channel is only used by a few sites trying to establish the security of the site it seems (140 reqs in one full month ...). Still, the "B" rating (again disregarding the trust issue) is fairly decent. We can probably improve it by upgrading the OS to a more recent version. cats.cacert.org is another category: this system is not managed by the critical system admin team. Please file a separate bug for this system, so the problem can be assigned to the appropriate sysadmin. At first look, it would seem that a simple reconfig of the Apache webserver there would make a major difference. You could also e-mail cats-admin@cacert.org directly. |
|
Thanks for the response and the explanations, so this issue currently blocked by 0001260. For cats.cacert.org I filed a separate issue, referencing this one. |
|
This issue is specifically blocked by https://bugs.cacert.org/view.php?id=1301. https://bugs.cacert.org/view.php?id=1260 has a much wider scope, we don't have to wait for a full fix of that one to address the current issue. |
|
By upgrading the CAcert chroot application environment to Debian Wheezy on October 17, 2014 (see https://lists.cacert.org/wws/arc/cacert-systemlog/2014-10/msg00007.html), the SSL support of the cacert.org main webserver has been brought up-to-date. While there is still scope for improvement (e.g. dropping SSLv3 protocol support, dropping 3DES cipher support), the issues raised in this bug entry appear to have been resolved. I will add a note with the current report from www.ssllabs.com for www.cacert.org. |
|
Check the attached file https://bugs.cacert.org/file_download.php?file_id=385&type=bug for the SSLLabs report for www.cacert.org on October 18, 2014. |
|
This issue has now been closed the second time without being fixed. It's getting ridiculous. Unfixed and mentioned in the original report: * DH key exchange with insecure length Other issues: * No ocsp stapling * SSLv3 is enabled. If you haven't heard it: SSLv3 is insecure. Completely. This wasn't such a big issue when this bug was opened, but we know better now (POODLE attack 4 days ago) |
|
I did not close the issue, but only reported a significant fix, setting status to "solved?" (note the question mark). Another evaluation would have to take place before the issue could be closed. Evidently it cannot be closed yet. As for the issues mentioned: * DH key exchange with insecure length - DH key length was indeed not addressed by the reported fix. Increasing the key length is desirable of course, but currently we are limited by the options of the deployed software: Debian Stable (Wheezy) with Apache2 2.2.22. This will have to wait until Debian Jessy gets promoted to Stable. * No OCSP stapling - Not mentioned in the original issue. I agree that OCSP stapling is a nice feature to have, but again we are limited by Debian/Apache. OCSP stapling is supported from Apache 2.3.3 onwards I think, so again Debian Jessy will be fine. * SSLv3 is enabled - Yes, it is and will remain so for another while because we are visited by clients with MSIE 6.0, which we must support. But we are planning to phase them out. In the meantime, we can recommend everyone to use a contemporary browser to visit www.cacert.org; such browsers will support TLS_FALLBACK_SCSV, which we also support at the server side, so they are protected against unintended protocol downgrades. |
|
The SSLv3 issue has been split off in a separate issue: https://bugs.cacert.org/view.php?id=1303 |
|
On December 1, 2014, support for SSL3 and 3DES has been disabled on the CAcert webserver, and HSTS has been enabled for additional security hardening. Check for details https://lists.cacert.org/wws/arc/cacert-systemlog/2014-12/msg00000.html Other options mentioned by the reporter of this issue: - DH key length - OCSP Stapling are still waiting for the Debian project promoting Jessy to stable. |
|
Check the attached file https://bugs.cacert.org/file_download.php?file_id=393&type=bug for the SSLLabs report for www.cacert.org on December 1, 2014. |
|
If I haven't overseen something, this issue has been successfully solved for most sites. However, lists.cacert.org still supports SSL3 (but all TLS versions up to 1.2) and anonymous ciphers, and the cipher preference could be better. See https://www.ssllabs.com/ssltest/analyze.html?d=lists.cacert.org for more details. |
|
Hi! To summarize things, I checked the situation on the following hosts that I know: - blog.cacert.org: seems OK - board.cacert.org: NOT OK, see 0001349 - bugs.cacert.org: seems OK - cats.cacert.org: seems OK - email.cacert.org: NOT OK, see 0001350 (HTTPS), 0001351 (SMTP via STARTTLS) - sorry for using the same subject (copy&paste error) - git.cacert.org: seems OK - irc.cacert.org: NOT OK, see 0001346 - issue.cacert.org: seems OK - lists.cacert.org: NOT OK, see 0001347 (HTTPS), 0001352 (SMTP via STARTTLS) - secure.cacert.org: seems OK - svn.cacert.org: NOT OK, see 0001348 - translations.cacert.org: NOT OK, see 0001353 - wiki.cacert.org: seems OK - www.cacert.org: seems OK Are there any hosts missing? I think it's too early for the "all clear" signal... If there's a possibility to help in further examining *and* fixing these issues, please give me a hint. Regards Mathias |
|
Reassigning this to jandd because the only issue blocking closing this one is 0001350, which is assigned to jandd. |
|
issues with email certificates have been resolved |
Date Modified | Username | Field | Change |
---|---|---|---|
2014-01-27 12:41 | hanno | New Issue | |
2014-03-10 18:09 | NEOatNHNG | Note Added: 0004626 | |
2014-03-10 18:10 | NEOatNHNG | Assigned To | => wytze |
2014-03-10 18:10 | NEOatNHNG | Status | new => needs work |
2014-03-11 23:08 | NEOatNHNG | Note Added: 0004635 | |
2014-03-11 23:08 | NEOatNHNG | Status | needs work => solved? |
2014-03-11 23:08 | NEOatNHNG | Fixed in Version | => 2014 Q1 |
2014-03-11 23:08 | NEOatNHNG | Resolution | open => fixed |
2014-04-01 21:37 | NEOatNHNG | Relationship added | related to 0001262 |
2014-07-01 21:56 | INOPIAE | Status | solved? => closed |
2014-07-13 12:32 | hanno | Note Added: 0004885 | |
2014-07-13 12:32 | hanno | Status | closed => needs feedback |
2014-07-13 12:32 | hanno | Resolution | fixed => reopened |
2014-09-07 14:10 | sebix | Note Added: 0004990 | |
2014-09-07 14:10 | sebix | Priority | normal => high |
2014-09-07 14:10 | sebix | Severity | minor => major |
2014-09-07 14:39 | wytze | Note Added: 0004991 | |
2014-09-07 15:10 | sebix | Relationship added | parent of 0001303 |
2014-09-07 15:24 | sebix | Note Added: 0004992 | |
2014-09-07 15:24 | sebix | Relationship added | related to 0001260 |
2014-09-07 15:37 | wytze | Relationship added | related to 0001301 |
2014-09-07 15:41 | wytze | Note Added: 0004993 | |
2014-10-18 10:44 | wytze | Relationship deleted | related to 0001260 |
2014-10-18 10:49 | wytze | Note Added: 0005056 | |
2014-10-18 10:49 | wytze | Status | needs feedback => solved? |
2014-10-18 10:49 | wytze | Fixed in Version | 2014 Q1 => 2014 Q4 |
2014-10-18 10:49 | wytze | Resolution | reopened => fixed |
2014-10-18 10:50 | wytze | File Added: CAcert-SSLLabsreport-20141018.pdf | |
2014-10-18 10:52 | wytze | Note Added: 0005057 | |
2014-10-19 15:24 | hanno | Note Added: 0005059 | |
2014-10-19 15:24 | hanno | Status | solved? => needs feedback |
2014-10-19 15:24 | hanno | Resolution | fixed => reopened |
2014-10-19 16:04 | wytze | Note Added: 0005060 | |
2014-10-20 13:20 | wytze | Relationship added | parent of 0001314 |
2014-10-20 13:22 | wytze | Note Added: 0005061 | |
2014-12-01 15:22 | wytze | Note Added: 0005139 | |
2014-12-01 15:22 | wytze | File Added: CAcert-SSLLabsreport-20141201.pdf | |
2014-12-01 15:23 | wytze | Note Added: 0005140 | |
2014-12-11 16:38 | Mathias | Relationship added | parent of 0001342 |
2014-12-14 10:47 | sebix | Note Added: 0005171 | |
2014-12-14 11:57 | Mathias | Relationship added | parent of 0001346 |
2014-12-14 11:58 | Mathias | Relationship added | parent of 0001347 |
2014-12-14 12:13 | Mathias | Relationship added | parent of 0001348 |
2014-12-14 12:25 | Mathias | Relationship added | parent of 0001349 |
2014-12-14 12:39 | Mathias | Relationship added | parent of 0001350 |
2014-12-14 12:51 | Mathias | Relationship added | parent of 0001351 |
2014-12-14 13:07 | Mathias | Relationship added | parent of 0001352 |
2014-12-14 13:21 | Mathias | Relationship added | parent of 0001353 |
2014-12-14 13:36 | Mathias | Note Added: 0005174 | |
2015-02-07 20:46 | Mathias | Relationship added | parent of 0001370 |
2019-01-24 11:35 | wytze | Assigned To | wytze => jandd |
2019-01-24 11:36 | wytze | Note Added: 0005749 | |
2020-06-27 12:18 | jandd | Status | needs feedback => solved? |
2020-06-27 12:18 | jandd | Fixed in Version | 2014 Q4 => |
2020-06-27 12:18 | jandd | Note Added: 0005889 |