On 12/07/2017 14:24, Niklas Keller wrote:
2017-07-12 8:35 GMT+02:00 Wouter Verhelst >:
On 11-07-17 23:44, Salz, Rich via openssl-users wrote:
>> It's very well worth the effort, otherwise there's a security
issue, because
2017-07-12 8:35 GMT+02:00 Wouter Verhelst :
> On 11-07-17 23:44, Salz, Rich via openssl-users wrote:
> >> It's very well worth the effort, otherwise there's a security issue,
> because certificates can be forged.
> >
> > No they cannot.
> >
> > What *has* been done is a
On 11-07-17 23:44, Salz, Rich via openssl-users wrote:
>> It's very well worth the effort, otherwise there's a security issue, because
>> certificates can be forged.
>
> No they cannot.
>
> What *has* been done is a document was created with "weak spots" and another
> document was created that
On 12/07/2017 07:23, Viktor Dukhovni wrote:
On Wed, Jul 12, 2017 at 02:02:31AM +0200, Jakob Bohm wrote:
I don't think a state is really needed for this, if the callback
simply checks if the certificate is in the loaded trust collection,
and/or if it is self-signed (depending on the
On Wed, Jul 12, 2017 at 02:02:31AM +0200, Jakob Bohm wrote:
> I don't think a state is really needed for this, if the callback
> simply checks if the certificate is in the loaded trust collection,
> and/or if it is self-signed (depending on the application's chosen
> root CA trust model).
Yes,
On 10/07/2017 18:52, Viktor Dukhovni wrote:
On Jul 10, 2017, at 3:45 AM, Niklas Keller wrote:
What's the best way / a working way to reject weak signature schemes in OpenSSL
1.0.{1,2}?
Most CAs have stopped issuing SHA-1 certificates. Any old ones will expire
over the
> It's very well worth the effort, otherwise there's a security issue, because
> certificates can be forged.
No they cannot.
What *has* been done is a document was created with "weak spots" and another
document was created that changed those weak spots, but the digest was the
same.
This is
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Monday, July 10, 2017 13:24
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Rejecting SHA-1 certificates
>
> On Mon, Jul 10, 2017 at 08:19:11PM +0200
On Mon, Jul 10, 2017 at 08:19:11PM +0200, Niklas Keller wrote:
> > What's your threat model, and how does it justify this effort?
>
> The same as for browsers I guess. Could you explain why browsers and Java
> disable SHA1, but it's not worth for me doing so?
The browsers and Java do this
On Mon, Jul 10, 2017 at 10:22 AM, Viktor Dukhovni <
openssl-us...@dukhovni.org> wrote:
>
> > On Jul 10, 2017, at 1:12 PM, Niklas Keller wrote:
> >
> > It's very well worth the effort, otherwise there's a security issue,
> because certificates can be forged.
>
> Collision
2017-07-10 19:30 GMT+02:00 Michael Wojcik <michael.woj...@microfocus.com>:
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> Behalf Of Niklas Keller
> > Sent: Monday, July 10, 2017 11:12
> > To: openssl-users@openssl.org
> > Subject: Re
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Niklas Keller
> Sent: Monday, July 10, 2017 11:12
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Rejecting SHA-1 certificates
> It's very well worth the effort, otherwise there'
> On Jul 10, 2017, at 1:12 PM, Niklas Keller wrote:
>
> It's very well worth the effort, otherwise there's a security issue, because
> certificates can be forged.
Collision attacks don't directly lead to certificate forgery. There are
no known 2nd-preimage attacks on SHA-1.
>
> > On Jul 10, 2017, at 3:45 AM, Niklas Keller wrote:
> >
> >
> > What's the best way / a working way to reject weak signature schemes in
> OpenSSL 1.0.{1,2}?
>
> Most CAs have stopped issuing SHA-1 certificates. Any old ones will
> expire over the
> next year or two. While
> On Jul 10, 2017, at 3:45 AM, Niklas Keller wrote:
>
>
> What's the best way / a working way to reject weak signature schemes in
> OpenSSL 1.0.{1,2}?
Most CAs have stopped issuing SHA-1 certificates. Any old ones will expire
over the
next year or two. While Google has
Morning,
I'm currently trying to reject certificate chains which rely on MD5 and
SHA-1 for signatures. I found SSL_get0_verified_chain which could be used
to walk the chain and reject if there's any MD5 / SHA-1 certificate in
there, except for the last one, which is trusted because of the public
16 matches
Mail list logo