[gnutls-help] Disabling SHA-1 in Debian oldstable/stretch
Andreas Metzler
ametzler at bebt.de
Sun Jun 7 10:20:20 CEST 2020
Hello,
Debian stretch 09 will probably get its last gnutls update before
reaching EOL.
We are pondering whether we should follow Ubuntu's example
(USN-4233-1 / USN-4233-2) and stop trusting signatures using SHA-1 by
default and adding supprt for %VERIFY_ALLOW_BROKEN and
%VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings.
We currently tend to do so, what would appreciate a second opinion from
GnuTLS upstream.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Gnutls-help
mailing list