QuantumScan
caddyserver/caddy
caddyserver/caddy
42
risk score
21 findings · 200 files scanned
Caddy server uses quantum-vulnerable ECDSA (P-256) for ACME certificate operations and MD5 hashing in FastCGI testing. While most findings are in test code, the ACME integration tests demonstrate patterns likely used in production certificate management, posing moderate post-quantum risks to TLS infrastructure.
Recent findingsView all findings →
| File | Algorithm | Severity | |
|---|---|---|---|
| modules/caddyhttp/reverseproxy/fastcgi/client_test.go:197 | MD5 | criticalBusiness impact 70 | |
| modules/caddyhttp/reverseproxy/fastcgi/client_test.go:250 | MD5 | criticalBusiness impact 70 | |
| modules/caddyhttp/reverseproxy/fastcgi/client_test.go:267 | MD5 | criticalBusiness impact 70 | |
| modules/caddyhttp/reverseproxy/fastcgi/client_test.go:25 | MD5 | criticalBusiness impact 15 | |
| modules/caddyhttp/reverseproxy/fastcgi/client_test.go:70 | MD5 | criticalBusiness impact 15 | |
| modules/caddyhttp/reverseproxy/fastcgi/client_test.go:94 | MD5 | criticalBusiness impact 15 | |
| modules/caddyhttp/reverseproxy/fastcgi/client_test.go:102 | MD5 | criticalBusiness impact 15 | |
| modules/caddyhttp/reverseproxy/fastcgi/client_test.go:105 | MD5 | criticalBusiness impact 15 | |
| modules/caddyhttp/reverseproxy/fastcgi/client_test.go:106 | MD5 | criticalBusiness impact 15 | |
| caddytest/integration/acmeserver_test.go:178 | ECDSA | highBusiness impact 55 |
Exposure by language
Go21 · 100%
Compliance mapping
DORA
Partial
NIS2
OK
NIST PQC
OK
Exports for compliance
Share read-only link
Anyone with this link can view the risk score and top findings — no sign-in required. Source code stays private.
https://quantumscan.io/en/share/66613c46-2f88-46cc-91c3-9f56a6d7d38dAdd a badge to your README
Show your project's post-quantum readiness in the README. The badge updates automatically after every new scan.
Markdown
[](https://github.com/caddyserver/caddy)HTML
<a href="https://github.com/caddyserver/caddy"><img src="https://quantumscan.io/api/badge/caddyserver/caddy.svg" alt="Post-Quantum Readiness" /></a>Add badge to your README
Show your quantum-safety score directly on GitHub.
[](https://quantumscan.io/en/scan/66613c46-2f88-46cc-91c3-9f56a6d7d38d)Save your results & track future changes
Create a free account to get drift alerts, compliance PDF exports, and scan history.
- Weekly drift alerts when new vulnerabilities appear
- Track risk score over time across all your repos
- Export DORA / NIS2 compliance PDF for auditors
Free forever for design partners · No credit card