PHP :: Sec Bug #69888 :: Wildcard php.net SSL certificate uses deprecated SHA-1 algorithm

Wildcard php.net SSL certificate uses deprecated SHA-1 algorithm

Submitted:

2015-06-20 07:01 UTC

Modified:

2020-05-05 11:49 UTC

Votes:	3
Avg. Score:	3.7 ± 1.9
Reproduced:	3 of 3 (100.0%)
Same Version:	1 (33.3%)
Same OS:	1 (33.3%)

From:

krinklemail at gmail dot com

Assigned:

cmb (profile)

Status:

Closed

Package:

Website problem

PHP Version:

Irrelevant

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	krinklemail at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2015-06-20 07:01 UTC] krinklemail at gmail dot com

Description:
------------
Starting in 2014, Chrome is sunsetting tolerance of SSL certificates signed using deprecated signature algorithms based on SHA-1.


As of Chrome 42 stable, it actively displays a "grey padlock with orange warning symbol" icon instead of the trusted green lock.

In the future (2016/2017), the red splash page for invalid certificates will be used – which will stop most users from accessing the site.


Clicking on the icon shows:
> php.net
> This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private.
>
> [..]
> 
> The certificate chain for this website contains at least one certificate that was signed using a deprecated signature algorithm based on SHA-1.

https://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
https://blog.filippo.io/the-unofficial-chrome-sha1-faq/

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-10-05 21:15 UTC] royanee at gmail dot com

Not only that, the TLS settings could use a few updates:
https://www.ssllabs.com/ssltest/analyze.html?d=bugs.php.net&hideResults=on

 * No support for TLS 1.2, which is the only secure protocol version.
 * This server supports weak Diffie-Hellman (DH) key exchange parameters.
 * Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
 * The server supports only older protocols, but not the current best TLS 1.2.
 * This server accepts the RC4 cipher, which is weak.
 * The server does not support Forward Secrecy with the reference browsers.

[2020-05-05 11:49 UTC] cmb@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb

[2020-05-05 11:49 UTC] cmb@php.net

The certificate issue has been resolved in the meantime.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Dec 27 19:01:28 2024 UTC