Re: F41 Change Proposal: Make OpenSSL distrust SHA-1 signatures by default (system-wide)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Sun, Jun 9, 2024 at 11:22 AM Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote:
In https://fedoraproject.org/wiki/SHA1SignaturesGuidance:
> At the moment, we don't provide a public API to enable SHA-1 signature
> support in OpenSSL programmatically. We ask you to respect the system
> administrator's configuration choice on this. We're planning to work
> with OpenSSL upstream to introduce a more suitable API in the future

Any news on this? Being able to make this policy configurable at application
level would make things _much_ easier.

We don't plan to provide such an API, sorry. SHA1 is insecure. It should be eliminated from the crypto contexts _before_ a second-preimage attack starts to cost $0.02

--
Dmitry Belyavskiy
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux