Package: openssl
Version: 1.0.1j-1
Followup-For: Bug #546802
Dear Maintainer,
* What led up to the situation?
PCI and general good security practice require sha256 or more for signing
certificates.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Looking in the x509 man page for sign options:

    -md2|-md5|-sha1|-mdc2
        the digest to use. This affects any signing or display option that
        uses a message digest, such as the -fingerprint, -signkey and -CA
        options. If not specified then SHA1 is used. If the key being used
        to sign with is a DSA key then this option has no effect: SHA1 is
        always used with DSA keys.

* What was the outcome of this action?
No mention of sha256.
* What outcome did you expect instead?
Doc about sha256, sha384 and sha512.

Thanks
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (900, 'testing'), (600, 'unstable'), (449, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssl depends on:
ii libc6 2.19-11
ii libssl1.0.0 1.0.1j-1
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20140927
-- Configuration Files:
/etc/ssl/openssl.cnf changed [not included]
-- no debconf information
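
The digest options this report asks to have documented, shown as an added example (not part of the original report or of the openssl package): `-sha256`, `-sha384` and `-sha512` passed to `openssl x509 -req -signkey`, followed by a check of the signature algorithm actually recorded in the certificate. The function names, the temporary files and the subject `example.test` are assumptions made for this demo.

```shell
#!/bin/sh
# Added example: sign with an explicit SHA-2 digest, then audit the result.
# Keys, CSRs and the subject below are constructed for the demo only.

# Print the signature algorithm recorded in a PEM certificate.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Return 0 (true) when the algorithm name uses one of the digests the
# quoted man page lists: md2, md5, sha1 or mdc2.
is_weak_digest() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *md2*|*md5*|*mdc2*|*sha1*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create a throwaway RSA key and CSR, self-sign the CSR with the digest
# named in $1, and print the signature algorithm of the new certificate.
sign_with() {
    digest=$1
    dir=$(mktemp -d) || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$dir/key.pem" -out "$dir/req.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/req.pem" -signkey "$dir/key.pem" \
        "-$digest" -days 1 -out "$dir/cert.pem" 2>/dev/null &&
    sig_alg "$dir/cert.pem"
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Sign once per SHA-2 digest and report what ended up in the certificate.
for d in sha256 sha384 sha512; do
    alg=$(sign_with "$d") || exit 1
    if is_weak_digest "$alg"; then
        echo "$d: WEAK ($alg)"
    else
        echo "$d: ok ($alg)"
    fi
done
```

Running `sig_alg` over existing certificates and feeding the result to `is_weak_digest` gives a quick audit for certificates that were signed with the SHA1 default.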