[wp-meta] [Making WordPress.org] #5917: TLS Certificates in alternative domains
Making WordPress.org
noreply at wordpress.org
Mon Sep 27 02:11:23 UTC 2021
#5917: TLS Certificates in alternative domains
---------------------------+------------------------
Reporter: JavierCasares | Owner: (none)
Type: defect | Status: closed
Priority: high | Milestone:
Component: SSL | Resolution: duplicate
Keywords: |
---------------------------+------------------------
Changes (by dd32):
* status: new => closed
* resolution: => duplicate
Comment:
See #5049 for the wp.org domain.
> This server supports TLS 1.0 and TLS 1.1.
> Also, using some weak Cipher Suites.
I believe this is mostly for compatibility, and is the same SSL
configuration used for WordPress.com as well. I believe a number of PHP
installations on OpenSSL 0.9x are also limited to the older ciphers -
although I can't be sure, since every installation of OpenSSL could be
different (and I don't have access to the SSL logs)
Systems have also removed insecure ciphers over time, but like I've
mentioned, there's a limit to how much can be removed while also remaining
compatible with existing clients (and it's not really worth splitting
configuration for api/downloads from the rest of dotorg).
If there's any specific cipher you'd like to see removed, let us know :)
Apart from the the above, I'm going to close it as a duplicate of the
above ticket for now.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5917#comment:1>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list