Oh, I thought that auto-detection of SHA1 readiness does the same thing
as this explicit configuration file disabling. It does not indeed. Okay,
then build-time disabled or not yet supported algorithms (like PQC) are
needed. I maybe get why it slipped through untested then.
Only now I get what was meant by the comment to test different variant
of this problem, with different algorithms used.
Sorry for misleading information, I did not test it on different system.
I though it behaves the same in the validator.
I do not even have my Debian sid container on my new laptop (yet!).
On 07/11/2025 13:54, Ondřej Surý wrote:
Debian never had that problem, as RSASHA1 is not disabled there in the crypto
library, the setting
disable-algorithms . {
RSASHA1;
};
is a different.
You would need something like RSAMD5 + <supported algorithm> to reproduce the
issue.
Ondrej
--
Ondřej Surý (He/Him)
[email protected]
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
On 7. 11. 2025, at 7:46, Bjørn Mork via bind-users <[email protected]>
wrote:
But I'm unable to reproduce the original issue with the current 9.20.15
based package in Debian. Probably doing something wrong...
--
Petr Menšík
Senior Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list.
