Last modified: 2012-02-20 20:12:22 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T29909, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 27909 - SSL RSA keys should be at least 2048 bits
SSL RSA keys should be at least 2048 bits
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
SSL related (Other open bugs)
unspecified
All All
: Normal enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
https://www.ssllabs.com/ssldb/analyze...
:
Depends on:
Blocks: ssl
  Show dependency treegraph
 
Reported: 2011-03-07 09:33 UTC by Victor Vasiliev
Modified: 2012-02-20 20:12 UTC (History)
6 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Victor Vasiliev 2011-03-07 09:33:27 UTC
We received a set of suggestions on OTRS about how the secure server should be improved. The user linked to the security tester (given in bug URL). I am not allowed to disclose the text of the email (#2011021210007633), but here is a brief summary of the suggestions:
* Disable SSL2 since it is vulnerable,
* Use at least 2048 bits for our RSA key,
* Serve images through SSL (we already have a bug for it).
Comment 1 p858snake 2011-03-07 09:39:50 UTC
(In reply to comment #0)
> * Disable SSL2 since it is vulnerable,
I believe this is bug 24332.
> * Serve images through SSL (we already have a bug for it).
Bug 16822 and possibly another one I can't find atm.
Comment 2 Casey Brown 2011-03-07 20:10:58 UTC
Should we turn this into a tracking bug then?
Comment 3 Matt McCutchen 2011-05-16 16:15:50 UTC
I have split SSLv2 off to bug 29014 and am making this bug report about the RSA key length, so we have individual bug reports blocking the secure server tracking bug.
Comment 4 Antoine "hashar" Musso (WMF) 2012-02-20 20:12:22 UTC
secure.wikimedia.org is now obsolete. We support SSL connection using the usual
DNS entry such as https://en.wikipedia.org/

SSL2 is disabled.
We use a 2048 bits RSA cert
Images are served with HTTPS whenever needed.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links