Opened 5 weeks ago
Last modified 3 weeks ago
#64063 new task (blessed)
Remove bundled 1024-bit certificates from bundled root certificates
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | 7.0 | Priority: | normal |
| Severity: | major | Version: | |
| Component: | Security | Keywords: | early |
| Focuses: | | Cc: | |
Description
Because of https://core.trac.wordpress.org/ticket/34935#comment:10 from 10 years ago, the bundled .crt still contains 1024-bit certificates, which are only needed for OpenSSL <1.0.1g.
There was a recent update to the bundled root certificate https://core.trac.wordpress.org/changeset/60029 keeping those.
1024-bit certificates have been considered insecure and not accepted by browsers for a decade now; however, they are about to get (instead of just being considered) insecure, with first research available indicating that 1024-bit RSA has been cracked in recent months.
Not only is this a security issue, but this can lead to massive direct (e.g. WooCommerce payment gateways) and indirect - like user data/GDPR/privacy e.g. when using email gateways used by most WP sites - financial consequences for sites running on WordPress.
Can these legacy certificates be removed from WP's certificate?
The fundamental problem is that the modern cacert bundle (without those 1024-bit root certs prepended) is not compatible with some ancient versions of OpenSSL. Reading through #34935 and linked tickets I believe this affects 1.0.1e to 1.0.1q due to path discovery bugs. This breaks the TLS connection regardless of whether any cert in the chain is signed with a 1024-bit cert.
This seems to primarily affect CentOS 7 which shipped with OpenSSL 1.0.1e. It can connect to modern services that retain support for ECDHE-GCM ciphers over TLS 1.2 and therefore is not yet functionally obsolete. I've no idea whether CentOS 7 users keep OpenSSL updated to a more modern version, perhaps something to chat with the hosting team about. Anyone still running an unpatched 1.0.1e would have a hard time using a recent cacert bundle anyway.
CentOS 7 has been EOL since last year. My vote goes to pulling these out early in the 7.0 cycle.
Related (for 6.9): #63165
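An added example (not part of the ticket or of WordPress core): a standard-library Python check that lists the RSA certificates in a PEM bundle whose keys fall below a chosen size, which is the audit this ticket implies for the bundled file. The function names are assumptions of this example, and `sample_pem` builds constructed, unsigned certificate skeletons used only as test input.

```python
import base64, re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def children(buf, start, end):
    """Split buf[start:end] into DER elements as (tag, content_start, content_end)."""
    out = []
    while start < end:
        tag, length, pos = buf[start], buf[start + 1], start + 2
        if length & 0x80:  # long-form length: low 7 bits give the byte count
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, pos, pos + length))
        start = pos + length
    return out

def rsa_bits(der):
    """RSA modulus size in bits of an X.509 certificate, or None if the key is not RSA."""
    _, s, e = children(der, 0, len(der))[0]          # Certificate
    _, s, e = children(der, s, e)[0]                 # tbsCertificate
    fields = children(der, s, e)
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # skip optional [0] version
    alg, key = children(der, fields[5][1], fields[5][2])     # subjectPublicKeyInfo
    oid = children(der, alg[1], alg[2])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        return None
    _, s, e = children(der, key[1] + 1, key[2])[0]   # RSAPublicKey after unused-bits byte
    _, s, e = children(der, s, e)[0]                 # modulus INTEGER
    return int.from_bytes(der[s:e], "big").bit_length()

def weak_certs(bundle_text, min_bits=2048):
    """Return (index, bits) for every RSA certificate in the PEM bundle below min_bits."""
    sizes = (rsa_bits(base64.b64decode(m.group(1))) for m in PEM_RE.finditer(bundle_text))
    return [(i, b) for i, b in enumerate(sizes) if b is not None and b < min_bits]

def _tlv(tag, body):  # DER-encode one element; only used to build the constructed sample
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(size)]) + size) + body

def sample_pem(bits):
    """Constructed, unsigned certificate skeleton carrying an RSA key of `bits` bits."""
    key = _tlv(0x30, _tlv(0x02, b"\x00" + (1 << (bits - 1)).to_bytes(bits // 8, "big")) + _tlv(0x02, b"\x01\x00\x01"))
    spki = _tlv(0x30, _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b"")) + _tlv(0x03, b"\x00" + key))
    seq = _tlv(0x30, b"")  # empty placeholder for names, validity and algorithm fields
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + seq * 4 + spki)
    der = _tlv(0x30, tbs + seq + _tlv(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"
```

To audit a real bundle, pass the file's text to `weak_certs`; the returned indexes are zero-based positions of the certificates in the file.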