View Issue Details

ID: 0001241
Project: Main CAcert Website
Category: misc
View Status: public
Last Update: 2020-06-27 12:18
Reporter: hanno
Assigned To: jandd
Status: solved?
Resolution: reopened
Summary: 0001241: SSL/TLS configuration is bad on many levels
Description: I just had a look at how the webpage performs in its SSL/TLS settings. See the Qualys SSL test:

It's very bad. Issues that should be addressed:
* It doesn't support TLS 1.1 and TLS 1.2. There have been various issues with older TLS versions due to the crappy way it combines CBC and MAC, so everyone these days recommends to support TLS 1.2 with GCM.
* It uses RC4 and MD5 as its first cipher. RC4 should be avoided and MD5 has been extremely broken for a very very long time.
* It doesn't ship the class3 as a certificate chain, so people importing the cacert root in their browser will still not see the page cert as valid.
* Only very limited support for Perfect Forward Secrecy.
* DH key exchange with 1024 bit only.

I can give more details and explanations for each of those issues if needed.
Tags: No tags attached.


parent of 0001303 [closed, jandd] TLS of is weak and outdated
parent of 0001314 [closed, wytze] Main CAcert Website SSL/TLS support for SSL3 protocol and 3DES cipher suite should be disabled
parent of 0001342 [closed] Main CAcert Website still offers SSLv3
parent of 0001346 [closed, jandd] Main CAcert Website SSL/TLS configuration rated grade F on SSL Labs.
parent of 0001347 [closed, jandd] Main CAcert Website SSL/TLS configuration rated grade F on SSL Labs
parent of 0001348 [closed, jandd] Main CAcert Website SSL/TLS configuration rated grade B on SSL Labs
parent of 0001349 [closed, NEOatNHNG] Infrastructure SSL/TLS configuration rated grade C on SSL Labs
parent of 0001350 [solved?, jandd] Main CAcert Website {community,email} SSL/TLS configuration rated grade F on SSL Labs
parent of 0001351 [closed, jandd] Main CAcert Website {community,email} SSL/TLS configuration for SMTP is completely insecure
parent of 0001352 [closed, jandd] Main CAcert Website SSL/TLS configuration for SMTP is completely insecure
parent of 0001353 [closed, NEOatNHNG] {l10,translations} SSL/TLS configuration rated grade C on SSL Labs
parent of 0001370 [closed] Infrastructure SSL/TLS configuration rated grade C on SSL Labs
related to 0001262 [closed, wytze] Main CAcert Website SslLabs B rating (if trust issues are ignored) for SSL/TLS setup
related to 0001301 [closed, NEOatNHNG] Main CAcert Website sanitizeHTML function converts input which contains non-ascii characters to an empty string



2014-03-10 18:09

administrator   ~0004626

Cipher suite configuration should probably be changed to something like

# CAcert cipher suite configuration
SSLHonorCipherOrder on

That doesn't solve the TLS 1.1/1.2 issue, that needs a system upgrade.

The class3 certificate is not needed in the chain because the certificate is directly signed by the root.

DH keys with more than 1024 bit are only available in Apache >=2.4.7. Otherwise we would need to patch it ourselves and I wouldn't go down that road right now. That's why in the above cipher spec ECDH is preferred over DH because there the EC key size offers more security than 1024 bit DH. Once Apache 2.4.7 is deployed we should probably switch those because of some uncertainties in EC.
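
The ordering argument in the note above (rank ECDHE ahead of DHE while DH parameters are stuck at 1024 bit) and the weaknesses listed in the report can be checked mechanically against a cipher list in server preference order. This is an added example, not code from the tracker or from CAcert; the sample lists are constructed, the 2048-bit threshold and the function names are assumptions, and it covers pre-TLS 1.3 OpenSSL suite names only.

```python
# Added example, not CAcert's code. Handles pre-TLS 1.3 OpenSSL suite names.
WEAK = {"RC4": "RC4", "RC2": "RC2", "MD5": "MD5 MAC", "NULL": "no encryption",
        "EXP": "export grade", "CBC3": "3DES", "DES": "DES"}
FS_KX = {"ECDHE", "EECDH", "DHE", "EDH"}   # ephemeral (forward-secret) key exchange
ANON_KX = {"ADH", "AECDH"}                 # unauthenticated key exchange
MIN_DH_BITS = 2048                         # assumed policy threshold, not from the page

def key_exchange(name):
    """First name component, skipping the EXP- prefix of export suites."""
    parts = name.upper().split("-")
    return parts[1] if parts[0] == "EXP" and len(parts) > 1 else parts[0]

def suite_findings(name):
    """Weaknesses visible in one OpenSSL cipher suite name."""
    parts = name.upper().split("-")
    found = [label for token, label in WEAK.items() if token in parts]
    if "CBC3" in parts and "DES" in found:
        found.remove("DES")                # DES-CBC3 means 3DES, not single DES
    kx = key_exchange(name)
    if kx in ANON_KX:
        found.append("anonymous key exchange")
    elif kx not in FS_KX:
        found.append("no forward secrecy")
    return found

def audit(preference, dh_bits):
    """Audit suites given in server preference order; returns (code, suite) pairs."""
    report = [("weak", n) for n in preference
              if set(suite_findings(n)) - {"no forward secrecy"}]
    kxs = [key_exchange(n) for n in preference]
    first_fs = next((i for i, k in enumerate(kxs) if k in FS_KX), None)
    if first_fs is None:
        report.append(("no-forward-secrecy", None))
    elif first_fs > 0:
        report.append(("fs-not-preferred", preference[0]))
    dhe = [i for i, k in enumerate(kxs) if k in ("DHE", "EDH")]
    ecdhe = [i for i, k in enumerate(kxs) if k in ("ECDHE", "EECDH")]
    if dh_bits < MIN_DH_BITS and dhe and (not ecdhe or dhe[0] < ecdhe[0]):
        report.append(("small-dh-preferred", preference[dhe[0]]))
    return report

# Constructed sample lists (not CAcert's real configuration).
LEGACY = ["RC4-MD5", "RC4-SHA", "DHE-RSA-AES256-SHA", "AES128-SHA", "DES-CBC3-SHA"]
REORDERED = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-SHA",
             "DHE-RSA-AES256-SHA", "AES128-SHA"]

if __name__ == "__main__":
    for label, suites in (("legacy", LEGACY), ("reordered", REORDERED)):
        print(label, audit(suites, dh_bits=1024))
```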


2014-03-11 23:08

administrator   ~0004635

New cipher suite configuration was deployed. More ciphers will be available after system update.


2014-07-13 12:32

reporter   ~0004885

I'm surprised that this has been closed as most issues I mentioned are not fixed at all.

Also, it seems currently the webpage is vulnerable to the CCS injection bug. (it is not THAT severe, because the known attacks only affect newer openssl-versions, but still Adam Langley pointed out that there are likely other attacks without that limitation).


2014-09-07 14:10

reporter   ~0004990

has an F-rating: And uses an outdated OpenSSL-Version from prior to June 2014 (nearly 3 full months ago!), as it's affected by CVE-2014-0224. It includes ciphers like RC2, RC4, DES, DES40. and only provide up to TLS1.0: uses a cert for uses a cert from

For state-of-the-art crypto in TLS I recommend using 'Applied Crypto Hardening' by

CAcert is a showcase project on how crypto should be done and represents an important part of the Web of trust. On the other hand it uses vulnerable and weak crypto on some subdomains.


2014-09-07 14:39

developer   ~0004991

Please note that this bug primarily concerns and For these services, we are waiting on the approval of a fairly trivial application bug fix, after which we can re-do the upgrade of the chroot OS environment to Debian Wheezy -- including *much* better openssl support, which will make a considerable rating difference. Still, even without that upgrade, the current SSL Labs rating of these services is "B" when we disregard the trust issue -- an issue, which can only be resolved by getting the CAcert root certificate included in major browser distributions.

For, SSL is fairly unimportant: we are receiving ZERO real OCSP requests over SSL (https). The https channel is only used by a few sites trying to establish the security of the site it seems (140 reqs in one full month ...). Still, the "B" rating (again disregarding the trust issue) is fairly decent. We can probably improve it by upgrading the OS to a more recent version. is another category: this system is not managed by the critical system admin team. Please file a separate bug for this system, so the problem can be assigned to the appropriate sysadmin. At first look, it would seem that a simple reconfig of the Apache webserver there would make a major difference. You could also e-mail directly.


2014-09-07 15:24

reporter   ~0004992

Thanks for the response and the explanations, so this issue is currently blocked by 0001260.
For I filed a separate issue, referencing this one.


2014-09-07 15:41

developer   ~0004993

This issue is specifically blocked by has a much wider scope, we don't have to wait for a full fix of that one to address the current issue.


2014-10-18 10:49

developer   ~0005056

By upgrading the CAcert chroot application environment to Debian Wheezy on October 17, 2014 (see, the SSL support of the main webserver has been brought up-to-date. While there is still scope for improvement (e.g. dropping SSLv3 protocol support, dropping 3DES cipher support), the issues raised in this bug entry appear to have been resolved. I will add a note with the current report from for


2014-10-18 10:52

developer   ~0005057

Check the attached file for the SSLLabs report for on October 18, 2014.


2014-10-19 15:24

reporter   ~0005059

This issue has now been closed the second time without being fixed. It's getting ridiculous.

Unfixed and mentioned in the original report:
* DH key exchange with insecure length

Other issues:
* No OCSP stapling
* SSLv3 is enabled. If you haven't heard it: SSLv3 is insecure. Completely. This wasn't such a big issue when this bug was opened, but we know better now (POODLE attack 4 days ago)


2014-10-19 16:04

developer   ~0005060

I did not close the issue, but only reported a significant fix, setting status to "solved?" (note the question mark). Another evaluation would have to take place before the issue could be closed. Evidently it cannot be closed yet.

As for the issues mentioned:
* DH key exchange with insecure length
- DH key length was indeed not addressed by the reported fix.
  Increasing the key length is desirable of course, but currently we are limited
  by the options of the deployed software: Debian Stable (Wheezy) with Apache2
  2.2.22. This will have to wait until Debian Jessie gets promoted to Stable.
* No OCSP stapling
- Not mentioned in the original issue. I agree that OCSP stapling is a nice
  feature to have, but again we are limited by Debian/Apache. OCSP stapling is
  supported from Apache 2.3.3 onwards I think, so again Debian Jessie will be
* SSLv3 is enabled
- Yes, it is and will remain so for another while because we are visited by
  clients with MSIE 6.0, which we must support. But we are planning to phase
  them out. In the meantime, we can recommend everyone to use a contemporary
  browser to visit; such browsers will support TLS_FALLBACK_SCSV,
  which we also support at the server side, so they are protected against
  unintended protocol downgrades.


2014-10-20 13:22

developer   ~0005061

The SSLv3 issue has been split off in a separate issue:


2014-12-01 15:22

developer   ~0005139

On December 1, 2014, support for SSL3 and 3DES has been disabled on the CAcert webserver, and HSTS has been enabled for additional security hardening.
Check for details

Other options mentioned by the reporter of this issue:
- DH key length
- OCSP Stapling
are still waiting for the Debian project promoting Jessie to stable.


2014-12-01 15:23

developer   ~0005140

Check the attached file for the SSLLabs report for on December 1, 2014.


2014-12-14 10:47

reporter   ~0005171

If I haven't overseen something, this issue has been successfully solved for most sites.
However, still supports SSL3 (but all TLS versions up to 1.2) and anonymous ciphers, and the cipher preference could be better. See for more details.


2014-12-14 13:36

reporter   ~0005174


To summarize things, I checked the situation on the following hosts that I know:

- seems OK
- NOT OK, see 0001349
- seems OK
- seems OK
- NOT OK, see 0001350 (HTTPS), 0001351 (SMTP via STARTTLS) - sorry for using the same subject (copy&paste error)
- seems OK
- NOT OK, see 0001346
- seems OK
- NOT OK, see 0001347 (HTTPS), 0001352 (SMTP via STARTTLS)
- seems OK
- NOT OK, see 0001348
- NOT OK, see 0001353
- seems OK
- seems OK

Are there any hosts missing?

I think it's too early for the "all clear" signal...

If there's a possibility to help in further examining *and* fixing these issues, please give me a hint.



2019-01-24 11:36

developer   ~0005749

Reassigning this to jandd because the only issue blocking closing this one is 0001350, which is assigned to jandd.


2020-06-27 12:18

administrator   ~0005889

issues with email certificates have been resolved

Issue History

Date Modified Username Field Change
2014-01-27 12:41 hanno New Issue
2014-03-10 18:09 NEOatNHNG Note Added: 0004626
2014-03-10 18:10 NEOatNHNG Assigned To => wytze
2014-03-10 18:10 NEOatNHNG Status new => needs work
2014-03-11 23:08 NEOatNHNG Note Added: 0004635
2014-03-11 23:08 NEOatNHNG Status needs work => solved?
2014-03-11 23:08 NEOatNHNG Fixed in Version => 2014 Q1
2014-03-11 23:08 NEOatNHNG Resolution open => fixed
2014-04-01 21:37 NEOatNHNG Relationship added related to 0001262
2014-07-01 21:56 INOPIAE Status solved? => closed
2014-07-13 12:32 hanno Note Added: 0004885
2014-07-13 12:32 hanno Status closed => needs feedback
2014-07-13 12:32 hanno Resolution fixed => reopened
2014-09-07 14:10 sebix Note Added: 0004990
2014-09-07 14:10 sebix Priority normal => high
2014-09-07 14:10 sebix Severity minor => major
2014-09-07 14:39 wytze Note Added: 0004991
2014-09-07 15:10 sebix Relationship added parent of 0001303
2014-09-07 15:24 sebix Note Added: 0004992
2014-09-07 15:24 sebix Relationship added related to 0001260
2014-09-07 15:37 wytze Relationship added related to 0001301
2014-09-07 15:41 wytze Note Added: 0004993
2014-10-18 10:44 wytze Relationship deleted related to 0001260
2014-10-18 10:49 wytze Note Added: 0005056
2014-10-18 10:49 wytze Status needs feedback => solved?
2014-10-18 10:49 wytze Fixed in Version 2014 Q1 => 2014 Q4
2014-10-18 10:49 wytze Resolution reopened => fixed
2014-10-18 10:50 wytze File Added: CAcert-SSLLabsreport-20141018.pdf
2014-10-18 10:52 wytze Note Added: 0005057
2014-10-19 15:24 hanno Note Added: 0005059
2014-10-19 15:24 hanno Status solved? => needs feedback
2014-10-19 15:24 hanno Resolution fixed => reopened
2014-10-19 16:04 wytze Note Added: 0005060
2014-10-20 13:20 wytze Relationship added parent of 0001314
2014-10-20 13:22 wytze Note Added: 0005061
2014-12-01 15:22 wytze Note Added: 0005139
2014-12-01 15:22 wytze File Added: CAcert-SSLLabsreport-20141201.pdf
2014-12-01 15:23 wytze Note Added: 0005140
2014-12-11 16:38 Mathias Relationship added parent of 0001342
2014-12-14 10:47 sebix Note Added: 0005171
2014-12-14 11:57 Mathias Relationship added parent of 0001346
2014-12-14 11:58 Mathias Relationship added parent of 0001347
2014-12-14 12:13 Mathias Relationship added parent of 0001348
2014-12-14 12:25 Mathias Relationship added parent of 0001349
2014-12-14 12:39 Mathias Relationship added parent of 0001350
2014-12-14 12:51 Mathias Relationship added parent of 0001351
2014-12-14 13:07 Mathias Relationship added parent of 0001352
2014-12-14 13:21 Mathias Relationship added parent of 0001353
2014-12-14 13:36 Mathias Note Added: 0005174
2015-02-07 20:46 Mathias Relationship added parent of 0001370
2019-01-24 11:35 wytze Assigned To wytze => jandd
2019-01-24 11:36 wytze Note Added: 0005749
2020-06-27 12:18 jandd Status needs feedback => solved?
2020-06-27 12:18 jandd Fixed in Version 2014 Q4 =>
2020-06-27 12:18 jandd Note Added: 0005889