[gnutls-help] Help allowing SHA1
Brandon Sawyers
brandor5 at gmail.com
Thu Jan 23 14:39:35 CET 2020
Thank you very much!
I will track the bug there.
Thanks,
Brandon
On Thu, Jan 23, 2020, 07:16 Dimitri John Ledkov <xnox at ubuntu.com> wrote:
> On Thu, 23 Jan 2020 at 14:01, Nikos Mavrogiannopoulos <nmav at gnutls.org>
> wrote:
> >
> > On Wed, Jan 22, 2020 at 3:42 PM Brandon Sawyers <brandor5 at gmail.com>
> wrote:
> > >
> > > Hello everyone:
> > >
> > > A recent package upgrade in ubuntu 1604 (v3.4.10-4ubuntu1.6) and 1804
> (v3.5.18-1ubuntu1.2) has left us without SHA1 support. Since we are still
> in the process of migrating our last services off of SHA1 with a target
> date of April this has put us in a pickle.
> > >
> > > From reading the docs I expect I should be able to use priority and
> allow SHA1 to function, however making this work has been rather
> frustrating.
> > >
> > > I've tried several different versions of the following command but I
> would expect just having "NORMAL:+SIGN-RSA-SHA1:+SHA1" priority set should
> work.
> > >
> > > `gnutls-bin --x509cafile ./cachain-with-sha1-signed-cert.pem
> --priority='NORMAL:+SIGN-RSA-SHA1:+SHA1' -p 636 internal.directory.org`
> >
> > Have you tried appending %VERIFY_ALLOW_SIGN_WITH_SHA1? The available
> > priority strings are documented in:
> > https://gnutls.org/manual/html_node/Priority-Strings.html
> >
>
> From what I can tell is that the backports do not include that
> flag.... I'm escalating this, as this is regression-security as I do
> not believe that upstream code is affected as this is an issue in the
> patch set released in ubuntu.
>
> I hope to move this discussion downstream to
> https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1860656
>
>
> --
> Regards,
>
> Dimitri.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20200123/8455349b/attachment-0001.html>
More information about the Gnutls-help
mailing list