jesus add an override and you are done

MD5/SHA1 certificates are shit and it's the job of a security scanner to point that out - for anything which you don't want to see local overrides are the way to go

On 07.04.2018 at 18:32, Alex Smirnoff wrote:
> Huh?
>
> It is relevant. But it is irrelevant for anything that is self-signed.
> Isn't it obvious?
>
> On Thu, Mar 29, 2018 at 08:41:25PM +0200, Reindl Harald wrote:
>>
>> On 29.03.2018 at 20:29, Alex Smirnoff wrote:
>>> Could you elaborate, exactly how weak hash could matter for self-signed
>>> certificate? Without vague references like "if you don't want to trust
>>> the NSA and NIST". I do not see any of those organisations stating that
>>> weak hash is dangerous for a situation where signature itself is
>>> irrelevant
>>
>> if the signature is irrelevant why do you use https at all?
>> WTF!
>>
>> there is no technical difference between your self-signed stuff or
>> certificates signed by a public CA except that you *one time* need to make
>> an exception in the client

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
