[wp-trac] [WordPress Trac] #64063: Remove bundled 1024-bit certificates from bundled root certificates

WordPress Trac noreply at wordpress.org
Sat Jan 31 05:48:33 UTC 2026


#64063: Remove bundled 1024-bit certificates from bundled root certificates
-----------------------------+---------------------
 Reporter:  kkmuffme         |       Owner:  (none)
     Type:  task (blessed)   |      Status:  new
 Priority:  normal           |   Milestone:  7.0
Component:  Security         |     Version:
 Severity:  major            |  Resolution:
 Keywords:  early has-patch  |     Focuses:
-----------------------------+---------------------

Comment (by JavierCasares):

 This situation feels very similar to how WordPress has historically
 handled old PHP versions.

 When usage drops below a small threshold (e.g. ~5%), the project has not
 hesitated to raise minimum requirements, even knowing that some legacy or
 extended-support systems would be affected. The rationale has consistently
 been that maintaining compatibility with outdated and insecure components
 is not sustainable long-term.

 In this case, requiring certificates to be **at least 2048-bit** seems
 reasonable and appropriate, regardless of operating system or
 distribution. 1024-bit certificates are no longer considered secure, and
 keeping them in the root bundle primarily exists to accommodate very old
 TLS stacks.

 If CentOS 7 (or similar environments) still relies on this for historical
 or extended-support reasons, it likely already has other significant
 limitations — for example, outdated PHP versions or TLS behavior that
 WordPress has already deprecated or dropped support for. From that
 perspective, retaining weaker certificates in core does not really solve
 the underlying problem.

 Deprecating and removing 1024-bit certificates would be consistent with
 WordPress’ broader approach: encourage platform modernization rather than
 preserving insecure compatibility indefinitely.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/64063#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

