php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #70762 TLS configuration of bugs.php.net is bad
Submitted: 2015-10-21 18:54 UTC Modified: 2018-10-24 21:22 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: zeev dot tarantov at gmail dot com Assigned: petk (profile)
Status: Closed Package: Systems problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2015-10-21 18:54 UTC] zeev dot tarantov at gmail dot com 
Description:
------------
bugs.php.net is served by Apache/2.2.16 (Debian) on sgrv20.php.net.
It only supports TLS 1.0, uses a common 1024bit DH group, supports RC4, does not support ECDHE or GCM and it has a SHA1 certificate. php.net has good TLs configuration, so you can do better.

https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fbugs.php.net

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-19 20:38 UTC] aharvey@php.net
-Package: Website problem +Package: Systems problem
 [2017-01-19 20:38 UTC] aharvey@php.net 
Moving to the systems package.
 [2017-12-05 20:34 UTC] royanee at gmail dot com 
TLS 1.2 is going to be the only supported version on some systems in the near future. One of my browsers already refuses to let me access bugs.php.net, so this isn't just insecure, it's actively preventing users from accessing the site.
 [2018-10-24 21:22 UTC] petk@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: petk
 [2018-10-24 21:22 UTC] petk@php.net 
Hello, thank you for reporting. At the time of this writing the SSL certificate for bugs.php.net now supports the TLS 1.2 and reaches A grade on the SSL Server Test site. If you experience further issues, report please.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 20:01:29 2024 UTC