Am 29.03.2018 um 20:29 schrieb Alex Smirnoff:
Could you elaborate, exactly how weak hash could matter for self-signed
certificate? Without vague references like "if you don't want to trust
the NSA and NIST". I do not see any of those organisations stating that
weak hash is dangerous for a situation where signature itself is
irrelevant
if the signature is irrelevant why do you use https at all?
WTF!
there is no technical difference between your self-signed stuff or
certificates signed by a public CA except that you *one time* need to
make an exception in the client
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
