[gnutls-help] Disabling SHA-1 in Debian oldstable/stretch

Andreas Metzler ametzler at bebt.de
Sun Jun 7 10:20:20 CEST 2020


Debian stretch 09 will probably get its last gnutls update before
reaching EOL.

We are pondering whether we should follow Ubuntu's example
(USN-4233-1 / USN-4233-2) and stop trusting signatures using SHA-1 by
default and adding supprt for %VERIFY_ALLOW_BROKEN and
%VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings.

We currently tend to do so, what would appreciate a second opinion from
GnuTLS upstream.

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Gnutls-help mailing list