Hi Tomáš and openssl users,
finally the server at gibs.earthdata.nasa.gov was upgraded in order to
support SHA256 (instead of SHA1) as peer signing digest algorithm.
So, it is now possible to properly connect to it on Ubuntu 20.04 without
the need of lower the default SECURITY LEVEL from 2 to 1.
Regards.
Andrea Giudiceandrea
Il 14/08/2020 08:41, Tomas Mraz ha scritto:
It is not a bug in OpenSSL and it is not a misconfiguration or non-compliance on the server side either. Basically to enhance security the default seclevel on Debian and Ubuntu was raised to 2 which doesn't allow SHA1 signatures which are weak. The server apparently doesn't support them which indicates that it is some older implementation but that doesn't necessarily mean it is non-compliant. It is just less capable.
However the SHA1 signatures are regarded as seriously weakened currently, so it would be certainly a very good idea to upgrade/fix the server to support SHA2 based signatures.
Tomáš Mráz
