Bug 31190

Summary: bugzilla server is vulnerable to critical HTTPS protocol attacks
Product: Infrastructure    Reporter: Konstantin A Lepikhov (L.A. Kostis) <lakostis>
Component: bugzilla.altlinux.org    Assignee: Andrey Cherepanov <cas>
Status: CLOSED FIXED    QA Contact: Andrey Cherepanov <cas>
Severity: blocker
Priority: P3    CC: glebfm, ldv, mike
Version: unspecified   
Hardware: all   
OS: Linux   
URL: https://www.ssllabs.com/ssltest/analyze.html?d=bugzilla.altlinux.org

Description Konstantin A Lepikhov (L.A. Kostis) 2015-08-06 01:44:07 MSK
I'll just leave this here:

This server supports insecure Diffie-Hellman (DH) key exchange parameters (Logjam). Grade set to F. MORE INFO »
This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F. MORE INFO »
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. MORE INFO »
Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2. MORE INFO »
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO »
The server private key is not strong enough. Grade capped to B.
This server accepts the RC4 cipher, which is weak. Grade capped to B. MORE INFO »
The server does not support Forward Secrecy with the reference browsers. MORE INFO »
This server's certificate chain is incomplete. Grade capped to B.

It is strongly recommended to read the MORE INFO links and actually update the HTTPS settings.
Comment 1 Dmitry V. Levin 2015-08-31 13:51:18 MSK
The bugzilla server is vulnerable to just about everything.

Moved https:// into a separate container, just to be safe.
Comment 2 Michael Shigorin 2015-08-31 14:03:04 MSK
"Caching" the current result from the link (since the test is slow):

Overall Rating: T
If trust issues are ignored: B

This server's certificate is not trusted, see below for details.
This server's certificate chain is incomplete. Grade capped to B.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
This server supports HTTP Strict Transport Security with long duration.
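The findings in the description, and the two that remain in the re-test above (untrusted certificate, incomplete chain), all map onto a handful of TLS server settings. The following is an added example, not configuration from this bug or from the ALT Linux infrastructure: the web server behind the new https:// container is not named in the thread, so it assumes Apache httpd 2.4.8 or later with mod_ssl and mod_headers on OpenSSL 1.0.2 or later, and the hostname, file paths and key sizes are placeholders. It follows current practice (TLS 1.2 only), which is stricter than what was usual in 2015.

```apache
# Added example; not the bug's or the ALT Linux infrastructure's own config.
# Assumes Apache httpd >= 2.4.8 with mod_ssl + mod_headers, OpenSSL >= 1.0.2.
# Hostname, paths and key sizes are placeholders.

# --- The kind of configuration that produces the SSL Labs findings ---
# SSLProtocol all             -> SSL 3 enabled: POODLE; no TLS 1.2 if OpenSSL is old
# SSLCipherSuite ALL          -> EXPORT suites: FREAK; RC4; client picks order: no PFS
# (no DH parameters)          -> 1024-bit default group: Logjam
# 1024-bit RSA key, SHA-1 cert, no intermediate served -> weak key, weak
#                                signature, incomplete chain / "not trusted"

# --- Hardened configuration ---
<VirtualHost *:443>
    ServerName bugzilla.example.org
    SSLEngine on

    # POODLE and "no TLS 1.2": disable everything below TLS 1.2.
    # Add +TLSv1.3 on httpd >= 2.4.36 with OpenSSL >= 1.1.1.
    SSLProtocol -all +TLSv1.2

    # FREAK, RC4, forward secrecy: ECDHE/DHE AEAD suites only; explicitly
    # exclude export, RC4, anonymous DH, NULL and legacy block ciphers.
    # The server's order wins so reference browsers negotiate a PFS suite.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!RC4:!DES:!3DES:!MD5
    SSLHonorCipherOrder on
    SSLCompression off

    # Logjam: serve a 2048-bit DH group for the DHE suites, generated once with
    #   openssl dhparam -out /etc/pki/tls/dhparams.pem 2048
    # and restrict ECDHE to strong named curves.
    SSLOpenSSLConfCmd DHParameters /etc/pki/tls/dhparams.pem
    SSLOpenSSLConfCmd Curves secp256r1:secp384r1

    # Weak key, weak signature, incomplete chain: a 2048-bit (or larger) RSA
    # key, a SHA-256-signed certificate, and the intermediate CA certificate(s)
    # served with the leaf. (On 2.4.8+ the intermediates may instead be
    # appended to the SSLCertificateFile.)
    SSLCertificateFile      /etc/pki/tls/certs/bugzilla.crt
    SSLCertificateKeyFile   /etc/pki/tls/private/bugzilla.key
    SSLCertificateChainFile /etc/pki/tls/certs/intermediate.crt

    # HSTS (the re-test shows this already in place): one year, all subdomains.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>
```

Each finding can be re-checked from a shell without waiting for the SSL Labs scan: `openssl s_client -connect HOST:443 -ssl3` must fail to connect (POODLE); `-cipher EXPORT` and `-cipher RC4` must fail (FREAK, RC4); `-tls1_2` must succeed; with `-cipher DHE` the "Server Temp Key" line printed by OpenSSL 1.0.2+ must report 2048 bits or more (Logjam); and `openssl s_client -connect HOST:443 -showcerts` must list the intermediate after the leaf, with `Verify return code: 0` (chain and trust). Cipher-suite names and `SSLOpenSSLConfCmd` are passed straight to OpenSSL, so they should be validated with `openssl ciphers -v '<list>'` and `apachectl configtest` before a reload.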