Control: tags -1 + moreinfo On 03/17/2017 04:38 PM, Alex Gaynor wrote: > Package: ca-certificates > Severity: normal
What version of ca-certificates? > The ca-certificates package includes legacy root certificates which have > 1024-bit RSA keys. These are considered weak by modern standards, and > have been removed from the upstream Mozilla trust store. Please, be specific: what 1024-bit roots? > For a while these were needed to workaround a bug in OpenSSL X.509 path > building logic, but that bug has since been resolved so these are now > vestigial and a risk. ca-certificates version 20140927 removed the 1024-bit certificates when updating the mozilla CA bundle to 2.1. Please, provide some details about your installation, otherwise, this was fixed long ago. -- Kind regards, Michael