On 2016-01-08 16:49, Petr Spacek wrote: > On 8.1.2016 13:56, Fraser Tweedale wrote: >> On Fri, Jan 08, 2016 at 01:26:57PM +0100, Martin Kosek wrote: >>>> Hi Fraser and other X.509 SMEs, >>>> >>>> I wanted to check with you on what we have or plan to have with respect to >>>> certificate/cipher strength in FreeIPA. >>>> >>>> When I visit the FreeIPA public demo for example, I usually see following >>>> errors with recent browsers: >>>> >>>> * Your connection to ipa.demo1.freeipa.org is encrypted using obsolete >>>> cypher >>>> suite. >>>> - The connection uses TLS 1.2 >>>> - The connection is encrypted ising AES_128_CBC, with HMAC-SHA1 for >>>> message >>>> authentication and RSA as the key exchange mechanism > > HMAC-SHA1 reminded me recently published paper: > http://www.mitls.org/pages/attacks/SLOTH > > It claims that all MD5 and SHA1 uses should be eliminated if feasible.
MD5 and SHA-1 should no longer be used for signatures. MACs are a completely different story. HMAC-SHA1 and even HMAC-MD5 are still fine and believed to be secure. https://en.wikipedia.org/wiki/Hash-based_message_authentication_code#Security
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code