|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #70762 TLS configuration of is bad
Submitted: 2015-10-21 18:54 UTC Modified: 2018-10-24 21:22 UTC
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: zeev dot tarantov at gmail dot com Assigned: petk (profile)
Status: Closed Package: Systems problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2015-10-21 18:54 UTC] zeev dot tarantov at gmail dot com
------------ is served by Apache/2.2.16 (Debian) on
It only supports TLS 1.0, uses a common 1024bit DH group, supports RC4, does not support ECDHE or GCM and it has a SHA1 certificate. has good TLs configuration, so you can do better.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-19 20:38 UTC]
-Package: Website problem +Package: Systems problem
 [2017-01-19 20:38 UTC]
Moving to the systems package.
 [2017-12-05 20:34 UTC] royanee at gmail dot com
TLS 1.2 is going to be the only supported version on some systems in the near future. One of my browsers already refuses to let me access, so this isn't just insecure, it's actively preventing users from accessing the site.
 [2018-10-24 21:22 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: petk
 [2018-10-24 21:22 UTC]
Hello, thank you for reporting. At the time of this writing the SSL certificate for now supports the TLS 1.2 and reaches A grade on the SSL Server Test site. If you experience further issues, report please.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Fri Dec 08 09:01:27 2023 UTC