On Sun, Jun 9, 2024 at 11:22 AM Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote:
In https://fedoraproject.org/wiki/SHA1SignaturesGuidance:
> At the moment, we don't provide a public API to enable SHA-1 signature
> support in OpenSSL programmatically. We ask you to respect the system
> administrator's configuration choice on this. We're planning to work
> with OpenSSL upstream to introduce a more suitable API in the future
Any news on this? Being able to make this policy configurable at application
level would make things _much_ easier.
We don't plan to provide such an API, sorry. SHA1 is insecure. It should be eliminated from the crypto contexts _before_ a second-preimage attack starts to cost $0.02
Dmitry Belyavskiy
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
