Hello,

I have a question for someone with deep knowledge about cryptology. The question regards Fedora's crypto policies and a certain usage of SHA-1 in TLS.

I encountered a web server that Seamonkey and Firefox refuse to talk to. Both give me the error SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM. In an attempt to find out more, I checked the server with Qualys' SSL Server Test (https://www.ssllabs.com/ssltest/). Qualys gave it an A+, which is supposed to mean that its security is excellent.

Next I used Wireshark to inspect the TLS handshake. Wireshark reported usage of SHA-1, not in the certificate but in a signature associated with elliptic curve parameters:

    TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 333
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 329
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: secp256r1 (0x0017)
                Pubkey Length: 65
                Pubkey: 041f840f40a2178f875274097092ca2549138f8a7bd52df895ea413b742d1714a6cf873e…
                Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Length: 256
                Signature: 09147d81aa601dc402e62cf7f943196c89822a0c8bbe07d8443654519b0e04f51b0b8e72…

To check whether this was the problem, I temporarily added "SHA1" to /etc/crypto-policies/back-ends/nss.config. This made the error go away, and the browser happily loaded the page.

My question is: Is it true that this usage of SHA-1 makes the TLS session weak, so that it's correct to forbid it in the crypto policy? Or could it be that Qualys is right? Perhaps SHA-1 is fine for this use case, even though it's too weak for other use cases, and the crypto policy should allow it?

The website where I saw this is https://www.euroclear.com/ in case anyone wants to test things themselves.

Björn Persson
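The Wireshark tree in the post is a decoded TLS 1.2 ServerKeyExchange message, and the field the crypto policy objects to is the SignatureAndHashAlgorithm pair (0x02 0x01 = SHA1 + RSA) that sits after the ECDH point. The following parser is an added example, not code from the post or from Fedora's crypto-policies: it walks the same fields Wireshark shows (RFC 4492 ECDHE named-curve params followed by the RFC 5246 signature block), reproduces the length arithmetic of the dump (1 + 2 + 1 + 65 + 2 + 2 + 256 = 329), and flags a message whose signature uses a hash on a weak list. The weak-hash list and the sample key and signature bytes are constructed assumptions; the sample only mirrors the sizes seen in the post, not its actual bytes.

```python
import struct

HANDSHAKE_SERVER_KEY_EXCHANGE = 12
CURVE_TYPE_NAMED = 3

# Registries from RFC 5246 section 7.4.1.4.1 and RFC 4492 (named curves).
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
CURVE_NAMES = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1", 29: "x25519", 30: "x448"}

# Assumption: hashes this check refuses under a handshake signature. It mirrors
# the behaviour the post describes (SHA-1 rejected unless "SHA1" is added to the
# NSS policy file); it is not the policy's own list.
WEAK_HASHES = {"none", "md5", "sha1"}


def parse_ecdhe_server_key_exchange(msg: bytes) -> dict:
    """Parse a TLS 1.2 ServerKeyExchange carrying ECDHE named-curve params.

    Layout (RFC 4492 section 5.4, RFC 5246 section 7.4.3):
      handshake header: type(1) length(3)
      body: curve_type(1) named_curve(2) pubkey_len(1) pubkey
            hash(1) sig(1) sig_len(2) signature
    The signature covers client_random + server_random + the curve params.
    """
    if len(msg) < 4 or msg[0] != HANDSHAKE_SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake message")

    off = 0
    curve_type = body[off]; off += 1
    if curve_type != CURVE_TYPE_NAMED:
        raise ValueError(f"unsupported curve_type {curve_type}")
    named_curve = struct.unpack_from("!H", body, off)[0]; off += 2
    pub_len = body[off]; off += 1
    pubkey = body[off:off + pub_len]; off += pub_len
    hash_id, sig_id = body[off], body[off + 1]; off += 2
    sig_len = struct.unpack_from("!H", body, off)[0]; off += 2
    signature = body[off:off + sig_len]; off += sig_len
    if off != length or len(pubkey) != pub_len or len(signature) != sig_len:
        raise ValueError("malformed ServerKeyExchange body")

    hash_name = HASH_NAMES.get(hash_id, f"unknown({hash_id})")
    sig_name = SIG_NAMES.get(sig_id, f"unknown({sig_id})")
    # Wireshark prints the pair with the TLS 1.3 SignatureScheme name
    # (rsa_pkcs1_sha1 for 0x0201); other pairs are shown as "sig+hash".
    scheme = f"rsa_pkcs1_{hash_name}" if sig_name == "rsa" else f"{sig_name}+{hash_name}"
    return {
        "length": length,
        "named_curve": CURVE_NAMES.get(named_curve, f"unknown({named_curve})"),
        "pubkey_len": pub_len,
        "hash": hash_name,
        "signature": sig_name,
        "signature_scheme": scheme,
        "signature_len": sig_len,
    }


def signature_allowed(parsed: dict) -> bool:
    """Policy check: the hash under the ServerKeyExchange signature must not be weak."""
    return parsed["hash"] not in WEAK_HASHES


def build_sample(hash_id: int, sig_id: int) -> bytes:
    """Constructed sample with the field sizes of the dump in the post
    (secp256r1, 65-byte point, 256-byte RSA signature). Key and signature
    bytes are placeholders, not cryptographic values."""
    pubkey = b"\x04" + bytes(range(64))      # placeholder uncompressed point
    signature = bytes([0xAA]) * 256          # placeholder 2048-bit RSA signature
    body = (bytes([CURVE_TYPE_NAMED]) + struct.pack("!H", 23)
            + bytes([len(pubkey)]) + pubkey
            + bytes([hash_id, sig_id]) + struct.pack("!H", len(signature)) + signature)
    return bytes([HANDSHAKE_SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for hash_id in (2, 4):   # SHA1 (2) as in the post, SHA256 (4) for comparison
        parsed = parse_ecdhe_server_key_exchange(build_sample(hash_id, 1))
        print(parsed["signature_scheme"], "allowed" if signature_allowed(parsed) else "rejected")
```

Run against the SHA-1 sample the parser reports the same numbers as the dump (length 329, secp256r1, 65-byte point, 256-byte signature, rsa_pkcs1_sha1) and the policy check rejects it; the SHA-256 variant passes. The docstring notes what the signature actually covers (both randoms plus the ECDH parameters, per RFC 5246), which is the piece of context the question turns on.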
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure