Bug 1009450

Summary: keys.fedoraproject.org uses very weak encryption
Product: [Fedora] Fedora Documentation Reporter: Christian Stadelmann <fedora>
Component: fedora-websitesAssignee: Fedora Websites Team <web-members>
Status: CLOSED DEFERRED QA Contact: Fedora Websites Team <web-members>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: develCC: nman64, puiterwijk, web-members
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-18 13:17:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christian Stadelmann 2013-09-18 13:13:32 UTC 
keys.fedoraproject.org provides certificates using weak cipher suites (DES40, RC2+CBC, RC4+MD5). This makes the server prone to man-in-the-middle-attacks.
For details see https://www.ssllabs.com/ssltest/analyze.html?d=https://keys.fedoraproject.org/
Comment 1 Patrick Uiterwijk 2013-09-18 13:17:00 UTC 
Please file this bug at https://fedorahosted.org/fedora-infrastructure