jesus add a override and you are done

MD5/SHA1 certificates are shit and it's th ejob of a security scanner to
point that out - for anything which you don't want to see local
overrides are the way to go

Am 07.04.2018 um 18:32 schrieb Alex Smirnoff:
> Huh?
> 
> It is relevant. But it is irrelevant for anything that is self-signed.
> Isn't it obvious?
> 
> On Thu, Mar 29, 2018 at 08:41:25PM +0200, Reindl Harald wrote:
>>
>>
>> Am 29.03.2018 um 20:29 schrieb Alex Smirnoff:
>>> Could you elaborate, exactly how weak hash could matter for self-signed
>>> certificate? Without vague references like "if you don't want to trust
>>> the NSA and NIST". I do not see any of those organisations stating that
>>> weak hash is dangerous for a situation where signature itself is
>>> irrelevant
>>
>> if the signature is irrelevant why do you use https at all?
>> WTF!
>>
>> there is no technical difference between your self-signed stuff or
>> certificates signed by a public CA except that you *one time* need to make
>> an exception in the client

_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Reply via email to