Tony Earnshaw wrote:
> Adam Gibson skrev, on 17-08-2007 04:13:
>
--- CUT ---
>> Or did I do something wrong and sha256 is supported with openssl 0.9.7a?
>>
>
> If you want a RHL5 dkim-milter 2.1.1 rpm or srpm I can give you one -
> though it will be doing things my way ('cos it's my own spec), which may
> not be yours ;)
>
I just realized the system is latest in the Centos 4.x versions and not
Centos 5. Thanks for bringing that up. I will end up upgrading that to
Centos 5 soon anyway which will fix the problem.
Someone else mentioned that the RFC recommends rsa-sha256 which I was
not aware of. That is one of the bad things about stable Linux
distributions... you end up with older libraries that end up causing you
problems.
I was not really expecting a solution to the problem... I was just
wondering how many servers will end up compiling with only rsa-sha1
support. I wonder if this should be made clearer in the INSTALL
documentation that a certain version or newer of openssl is highly
recommended for rsa-sha256 support to comply with the RFC and already
deployed systems since sha1 is considered outdated and less secure.
Maybe even explain how to get openssl installed in a separate directory
than the system openssl and linked to there (or maybe statically linked
into the binary) for distributions with older openssl libraries. I
suspect there are way more mail systems out there with older openssl
version than there are with the rsa-sha256 capabilities.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
