Opened 4 years ago

Closed 3 years ago

#13972 closed defect (fixed)

check.torproject.org doesn't support TLS 1.2

Reported by: mkral
Owned by: arlolra
Priority: Very High
Milestone:
Component: Applications/Tor Check
Version:
Severity: Major
Keywords:
Cc: weasel
Actual Points:
Parent ID: #9417
Points:
Reviewer:
Sponsor:

Description

I was checking check.torproject.org using SSLtest.

https://www.ssllabs.com/ssltest/analyze.html?d=check.torproject.org

According to Adam Langley from Google:
"This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken."

https://www.imperialviolet.org/2014/12/08/poodleagain.html
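
A check for the bar quoted in the description (TLS 1.2 or later with an AEAD cipher suite), as an added example that is not part of the original ticket or of Tor Project code. The function names and the name-substring test for AEAD suites are assumptions made here.

```python
import socket
import ssl
import sys

# Substrings that mark an AEAD suite in OpenSSL-style cipher names
# (assumption of this example; TLS 1.3 names such as
# TLS_AES_128_GCM_SHA256 match as well).
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")
# Protocol strings as returned by ssl.SSLSocket.version().
MODERN_VERSIONS = ("TLSv1.2", "TLSv1.3")


def is_aead(cipher_name):
    name = cipher_name.upper()
    return any(marker in name for marker in AEAD_MARKERS)


def assess(version, cipher_name):
    """Return (ok, reason) for one negotiated protocol/cipher pair."""
    if version not in MODERN_VERSIONS:
        return False, f"{version} is older than TLS 1.2"
    if not is_aead(cipher_name):
        return False, f"{cipher_name} is not an AEAD suite"
    return True, f"{version} with AEAD suite {cipher_name}"


def check_host(host, port=443, timeout=10):
    """Handshake with host and assess what the server negotiated.

    This reports the single handshake this client obtained, not every
    version the server accepts. Python's default context may refuse
    versions below TLS 1.2, so a TLS 1.0-only server can show up here
    as a failed handshake rather than as "TLSv1".
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return assess(tls.version(), tls.cipher()[0])
    except ssl.SSLError as exc:
        return False, f"handshake failed: {exc}"


if __name__ == "__main__":
    ok, reason = check_host(sys.argv[1])
    print("PASS" if ok else "FAIL", reason)
```

A PASS only shows that a TLS 1.2+ AEAD handshake is available; whether older protocol versions are still accepted needs a separate scan such as the SSL Labs test linked above.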

Child Tickets

Change History (10)

comment:1 Changed 4 years ago by arlolra

Parent ID: #9417

Thanks for the report.

The server check runs on is in much need of love. There's been talk of an upgrade. Hopefully it'll happen soon.

comment:2 Changed 4 years ago by arlolra

Cc: weasel added

comment:3 Changed 3 years ago by cypherpunks

Priority: Medium → Very High
Severity: Major

comment:4 Changed 3 years ago by arlolra

This will be fixed with the migration to chiwui.

comment:5 in reply to:  4 Changed 3 years ago by cypherpunks

Replying to arlolra:

This will be fixed with the migration to chiwui.

Is there an ETA on this so people can ping when it has passed?

comment:6 Changed 3 years ago by arlolra

Hopefully within the next few weeks.

comment:7 Changed 3 years ago by ohheyalan@…

Certificate Transparency=No
OCSP stapling=No
Public Key Pinning (HPKP)=No

These should all be "Yes"...

comment:8 Changed 3 years ago by cypherpunks

Been months since the supposed fix yet still running on TLS 1.0.

comment:9 Changed 3 years ago by arlolra

Sorry, slow progress. It's up on chiwui now, http://chiwui.torproject.org:8000/

Still testing though.

comment:10 Changed 3 years ago by arlolra

Resolution: fixed
Status: new → closed