View Issue Details

ID: 0001303
Project: CATS.cacert.org
Category: Other
View Status: public
Last Update: 2015-01-25 21:08
Reporter: sebix
Assigned To: jandd
Status: closed
Resolution: fixed
Platform: Main CAcert Website
OS: N/A
OS Version: stable
Product Version: production
Fixed in Version: production
Summary: 0001303: TLS of is weak and outdated
Description: The supported Ciphers used include RC2, RC4, DES and DES40. The support for Forward Secrecy is not complete. The used OpenSSL is vulnerable to CVE-2014-0224 (which does not mean it's attackable), so the lib hasn't been updated since mid-June 2014.

For state-of-the-art crypto in TLS, I recommend using 'Applied Crypto Hardening' by
Steps To Reproduce: Go to or view encryption details otherwise
Tags: No tags attached.
Attached Files:


child of 0001241: Main CAcert Website SSL/TLS configuration is bad on many levels (status: solved?, assigned to: jandd)
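A check for the weaknesses named in the report above (RC2, RC4, DES, DES40 and incomplete forward secrecy), run over a list of OpenSSL-style cipher suite names. This is an added example, not part of the original issue or of CAcert's tooling; the sample suite list and the function names `classify` and `audit` are assumptions made for illustration.

```python
# Added example: flag the cipher weaknesses named in the report.
# Constructed sample of OpenSSL-style suite names, as a scanner might list them.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-SHA",
    "AES128-SHA",
    "DES-CBC3-SHA",
    "RC4-SHA",
    "EXP-RC2-CBC-MD5",
    "DES-CBC-SHA",
    "EXP-EDH-RSA-DES-CBC-SHA",
]

# Key-exchange prefixes that give forward secrecy (EDH is OpenSSL's older name for DHE).
FS_KEX = ("ECDHE", "DHE", "EDH")


def classify(suite):
    """Return (weak_labels, has_forward_secrecy) for one suite name."""
    if suite.startswith("TLS_"):  # TLS 1.3 suites always use ephemeral key exchange
        return [], True
    parts = suite.upper().split("-")
    export = parts[0] == "EXP"  # export-grade suites use 40-bit keys
    if export:
        parts = parts[1:]
    weak = [c for c in ("RC2", "RC4") if c in parts]
    if "DES" in parts and "CBC3" not in parts:  # DES-CBC3 is 3DES, not single DES
        weak.append("DES40" if export else "DES")
    return weak, parts[0] in FS_KEX


def audit(suites):
    """Summarise weak suites and suites without forward secrecy."""
    weak, no_fs = {}, []
    for suite in suites:
        labels, has_fs = classify(suite)
        if labels:
            weak[suite] = labels
        if not has_fs:
            no_fs.append(suite)
    return {"weak": weak, "no_forward_secrecy": no_fs, "fs_complete": not no_fs}


if __name__ == "__main__":
    report = audit(SAMPLE_SUITES)
    for suite, labels in report["weak"].items():
        print(f"WEAK   {suite}: {', '.join(labels)}")
    for suite in report["no_forward_secrecy"]:
        print(f"NO-FS  {suite}")
    print("forward secrecy complete:", report["fs_complete"])
```

Feed it the suite names a scanner reports for a server; an empty `weak` map together with `fs_complete` being true means none of the conditions from the report remain.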



2014-10-22 13:17

developer   ~0005069

This needs to be handled by and/or


2014-10-22 13:19

developer   ~0005070

Infrastructure sysadmins have corrected the SSL configuration of on October 21, 2014. The resulting system scores (aside from the trust issue) a quite positive result for the Qualys SSL Labs server test. The test report of October 22, 2014 will be attached separately.


2015-01-25 21:08

reporter   ~0005277


Closed, thanks.

Issue History

Date Modified Username Field Change
2014-09-07 15:10 sebix New Issue
2014-09-07 15:10 sebix Relationship added child of 0001241
2014-10-22 13:17 wytze Note Added: 0005069
2014-10-22 13:17 wytze Assigned To => jandd
2014-10-22 13:17 wytze Status new => confirmed
2014-10-22 13:19 wytze Note Added: 0005070
2014-10-22 13:19 wytze Status confirmed => solved?
2014-10-22 13:19 wytze Fixed in Version => production
2014-10-22 13:19 wytze Resolution open => fixed
2014-10-22 13:20 wytze File Added:
2015-01-25 21:08 Mathias Note Added: 0005277
2015-01-25 21:08 Mathias Status solved? => closed