[Cross-posting to mpop-users and msmtp-users as it applies to both]

Hi!

On Sat, 9 Apr 2016 17:33:46 +0200, ilf wrote:
> Currently, mpop(1) says for tls_fingerprint:
>
> > The fingerprint can be either an SHA1 (recommended) or an MD5
> > fingerprint in the format 01:23:45:67:....
>
> MD5 has been broken since 2008: [...]
>
> SHA-1 is also showing its age: [...]
>
> [...]
>
> I propose to:
>
> - implement support for SHA-2 with its six hash functions
> - implement support for SHA-3
> - drop support for MD5

Thanks for pointing out this problem! I agree that MD5 needs to go and SHA1 should be avoided.

However, let's not go overboard with alternatives. A quick check suggests that the one function in current widespread use to report TLS certificate fingerprints is SHA256 (Firefox, Chrome, various TLS-related websites), with SHA1 still being usually reported too.

I pushed a patch to both mpop and msmtp that changes the following:

- In --serverinfo, report SHA256 and SHA1 fingerprints but mark the latter as deprecated. Don't report MD5 anymore.
- For --tls-fingerprint and tls_fingerprint, accept SHA256 in addition to SHA1 and MD5.
- In the documentation, clearly state that SHA256 should be used.

That keeps MD5 supported although it is discouraged. I expect that when certificates are renewed or replaced and thus fingerprints in the mpop/msmtp configuration need updating, users will most likely use --serverinfo to get the new fingerprint and thus update to SHA256 automatically. I see no need to break their configurations now.

Any comments?

Regards,
Martin
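An added illustration, not code from mpop or msmtp, of checking a certificate against a pinned fingerprint in the `01:23:45:67:...` format when SHA256, SHA1 and MD5 values are all accepted. The function names, the stand-in certificate bytes and the choice to infer the hash from the digest length are assumptions of this example.

```python
import hashlib
import hmac
import string

# Digest length in bytes -> hash name, for the three kinds the message lists.
ALGO_BY_LENGTH = {32: "sha256", 20: "sha1", 16: "md5"}
DISCOURAGED = {"sha1", "md5"}

# Constructed stand-in for the DER bytes of a server certificate (not a real cert).
SAMPLE_DER = b"constructed stand-in for a DER-encoded server certificate"


def parse_fingerprint(text):
    """Parse '01:23:45:...' into (algorithm, digest bytes); ValueError if malformed."""
    octets = text.strip().split(":")
    for octet in octets:
        if len(octet) != 2 or any(c not in string.hexdigits for c in octet):
            raise ValueError(f"bad octet {octet!r}: expected two hex digits")
    digest = bytes(int(octet, 16) for octet in octets)
    algo = ALGO_BY_LENGTH.get(len(digest))
    if algo is None:
        raise ValueError(f"{len(digest)}-byte value is not SHA256, SHA1 or MD5")
    return algo, digest


def format_fingerprint(der, algo="sha256"):
    """Hash the certificate's DER encoding and render it colon-separated."""
    return ":".join(f"{b:02X}" for b in hashlib.new(algo, der).digest())


def check_pin(der, configured):
    """Return (matches, algorithm, discouraged) for a configured fingerprint."""
    algo, expected = parse_fingerprint(configured)
    actual = hashlib.new(algo, der).digest()
    # Constant-time comparison; the hash is chosen by the pin's length.
    return hmac.compare_digest(actual, expected), algo, algo in DISCOURAGED


if __name__ == "__main__":
    for algo in ("sha256", "sha1"):
        pin = format_fingerprint(SAMPLE_DER, algo)
        print(algo, pin, check_pin(SAMPLE_DER, pin))
```

The third element of the result lets a caller keep an existing SHA1 or MD5 pin working while warning that it should be replaced with a SHA256 one.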