View Issue Details

IDProjectCategoryView StatusLast Update
0001342Main CAcert Websitepublic2014-12-14 11:37
ReporterMathias Assigned To 
Status closedResolutionfixed 
Summary0001342: still offers SSLv3

As of today and after the update on Dec 1, still offers SSLv3 and therefore is still vulnerable to the POODLE attack. Has this server be forgotten?

Thanks for looking into this.

Additional Information-
TagsNo tags attached.
Reviewed by
Test Instructions


child of 0001241 solved?jandd SSL/TLS configuration is bad on many levels 



2014-12-11 16:40

reporter   ~0005164

This issue seems to be related to 0001341. (Because of missing permissions I cannot enter this relationship in Mantis.)


2014-12-14 10:39

reporter   ~0005170

Checking it today shows a very good rating for, it's supporting TLS only. I guess this has been solved meanwhile?


2014-12-14 11:36

reporter   ~0005172

Yes, I can confirm this for as an external user doing some checks and scans. It seems that the mail of Wytze van der Raay on yesterday [1] was successfull. Although there are still some open issues :-(

I try to close this issue (and I hope it will work).



2014-12-14 11:37

reporter   ~0005173

Scanning on 14 Dec 2014 caused no further problems.

Issue History

Date Modified Username Field Change
2014-12-11 16:37 Mathias New Issue
2014-12-11 16:38 Mathias Relationship added child of 0001241
2014-12-11 16:40 Mathias Note Added: 0005164
2014-12-14 10:39 sebix Note Added: 0005170
2014-12-14 11:36 Mathias Note Added: 0005172
2014-12-14 11:37 Mathias Note Added: 0005173
2014-12-14 11:37 Mathias Status new => closed
2014-12-14 11:37 Mathias Resolution open => fixed