Skip to content

QuantumScan

caddyserver/caddy

caddyserver/caddy
42
risk score
21 findings · 200 files scanned

Caddy server uses quantum-vulnerable ECDSA (P-256) for ACME certificate operations and MD5 hashing in FastCGI testing. While most findings are in test code, the ACME integration tests demonstrate patterns likely used in production certificate management, posing moderate post-quantum risks to TLS infrastructure.

Recent findingsView all findings →
FileAlgorithmSeverity
modules/caddyhttp/reverseproxy/fastcgi/client_test.go:197MD5criticalBusiness impact 70
modules/caddyhttp/reverseproxy/fastcgi/client_test.go:250MD5criticalBusiness impact 70
modules/caddyhttp/reverseproxy/fastcgi/client_test.go:267MD5criticalBusiness impact 70
modules/caddyhttp/reverseproxy/fastcgi/client_test.go:25MD5criticalBusiness impact 15
modules/caddyhttp/reverseproxy/fastcgi/client_test.go:70MD5criticalBusiness impact 15
modules/caddyhttp/reverseproxy/fastcgi/client_test.go:94MD5criticalBusiness impact 15
modules/caddyhttp/reverseproxy/fastcgi/client_test.go:102MD5criticalBusiness impact 15
modules/caddyhttp/reverseproxy/fastcgi/client_test.go:105MD5criticalBusiness impact 15
modules/caddyhttp/reverseproxy/fastcgi/client_test.go:106MD5criticalBusiness impact 15
caddytest/integration/acmeserver_test.go:178ECDSAhighBusiness impact 55
Exposure by language
Go21 · 100%
Compliance mapping
DORA
Partial
NIS2
OK
NIST PQC
OK
Exports for compliance
Share read-only link

Anyone with this link can view the risk score and top findings — no sign-in required. Source code stays private.

https://quantumscan.io/en/share/66613c46-2f88-46cc-91c3-9f56a6d7d38d
Add a badge to your README

Show your project's post-quantum readiness in the README. The badge updates automatically after every new scan.

Preview

Post-Quantum Readiness
Markdown
[![Post-Quantum Readiness](https://quantumscan.io/api/badge/caddyserver/caddy.svg)](https://github.com/caddyserver/caddy)
HTML
<a href="https://github.com/caddyserver/caddy"><img src="https://quantumscan.io/api/badge/caddyserver/caddy.svg" alt="Post-Quantum Readiness" /></a>

Add badge to your README

Show your quantum-safety score directly on GitHub.

QuantumScan badge preview
[![QuantumScan](https://quantumscan.io/api/badge/caddyserver/caddy.svg)](https://quantumscan.io/en/scan/66613c46-2f88-46cc-91c3-9f56a6d7d38d)

Save your results & track future changes

Create a free account to get drift alerts, compliance PDF exports, and scan history.

  • Weekly drift alerts when new vulnerabilities appear
  • Track risk score over time across all your repos
  • Export DORA / NIS2 compliance PDF for auditors

Free forever for design partners · No credit card