Opened 7 months ago
Closed 2 months ago
#64063 closed task (blessed) (fixed)
Remove bundled 1024-bit certificates from bundled root certificates
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 7.0 | Priority: | normal |
| Severity: | major | Version: | |
| Component: | HTTP API | Keywords: | early has-patch |
| Focuses: | Cc: |
Description
Because of https://core.trac.wordpress.org/ticket/34935#comment:10 from 10 years ago the bundled .crt still contains 1024-bit certificates, which are only needed for OpenSSL <1.0.1g
There was a recent update to the bundled root certificate https://core.trac.wordpress.org/changeset/60029 keeping those.
1024-bit certificates are considered insecure and not accepted by browsers for a decade now, however they are about to get (instead of just considered) insecure, with first research available indicating that 1024-bit RSA has been cracked in recent months.
Not only is this a security issue, but this can lead to massive direct (e.g. WooCommerce payment gateways) and indirect - like user data/GDPR/privacy e.g. when using email gateways used by most WP sites - financial consequences for sites running on WordPress.
Can these legacy certificates be removed from WP's certificate?
Change History (11)
#1
@
6 months ago
- Component changed from HTTP API to Security
- Keywords early added
- Milestone changed from Awaiting Review to 7.0
- Type changed from defect (bug) to task (blessed)
This ticket was mentioned in Slack in #core by audrasjb. View the logs.
3 months ago
This ticket was mentioned in PR #10811 on WordPress/wordpress-develop by @johnbillion.
3 months ago
#3
- Keywords has-patch added
Trac ticket: Core-64063.
One potential concern is whether anyone is relying on the cacert.pem file to exist. For example:
wp_remote_get(
'https://example.com',
[
'sslcertificates' => ABSPATH . 'wp-includes/certificates/cacert.pem',
]
);
#4
@
3 months ago
This situation feels very similar to how WordPress has historically handled old PHP versions.
When usage drops below a small threshold (e.g. ~5%), the project has not hesitated to raise minimum requirements, even knowing that some legacy or extended-support systems would be affected. The rationale has consistently been that maintaining compatibility with outdated and insecure components is not sustainable long-term.
In this case, requiring certificates to be at least 2048-bit seems reasonable and appropriate, regardless of operating system or distribution. 1024-bit certificates are no longer considered secure, and keeping them in the root bundle primarily exists to accommodate very old TLS stacks.
If CentOS 7 (or similar environments) still relies on this for historical or extended-support reasons, it likely already has other significant limitations — for example, outdated PHP versions or TLS behavior that WordPress has already deprecated or dropped support for. From that perspective, retaining weaker certificates in core does not really solve the underlying problem.
Deprecating and removing 1024-bit certificates would be consistent with WordPress’ broader approach: encourage platform modernization rather than preserving insecure compatibility indefinitely.
This ticket was mentioned in Slack in #hosting by amykamala. View the logs.
3 months ago
This ticket was mentioned in Slack in #core by juanmaguitar. View the logs.
2 months ago
@johnbillion commented on PR #10811:
2 months ago
#8
@desrosj I added the removed files to $_old_files. How's this looking?
@johnbillion commented on PR #10811:
2 months ago
#9
I also noticed there's a new version of the certificates available. Do you think we can include that as part of this change with a reference to Core-64245?
Thanks. Let's do that as a follow up commit just to keep things separate.
The fundamental problem is that the modern cacert bundle (without those 1024-bit root certs prepended) is not compatible with some ancient versions of OpenSSL. Reading through #34935 and linked tickets I believe this affects 1.0.1e to 1.0.1q due to path discovery bugs. This breaks the TLS connection regardless of whether any cert in the chain is signed with a 1024-bit cert.
This seems to primarily affect CentOS 7 which shipped with OpenSSL 1.0.1e. It can connect to modern services that retain support for ECDHE-GCM ciphers over TLS 1.2 and therefore is not yet functionally obsolete. I've no idea whether CentOS 7 users keep OpenSSL updated to a more modern version, perhaps something to chat with the hosting team about. Anyone still running an unpatched 1.0.1e would have a hard time using a recent cacert bundle anyway.
CentOS 7 is EOL since last year. My vote goes to pulling these out early in the 7.0 cycle.
Related (for 6.9): #63165