jesus add a override and you are done

MD5/SHA1 certificates are shit and it's th ejob of a security scanner to
point that out - for anything which you don't want to see local
overrides are the way to go

Am 07.04.2018 um 18:32 schrieb Alex Smirnoff:
> Huh?
> It is relevant. But it is irrelevant for anything that is self-signed.
> Isn't it obvious?
> On Thu, Mar 29, 2018 at 08:41:25PM +0200, Reindl Harald wrote:
>> Am 29.03.2018 um 20:29 schrieb Alex Smirnoff:
>>> Could you elaborate, exactly how weak hash could matter for self-signed
>>> certificate? Without vague references like "if you don't want to trust
>>> the NSA and NIST". I do not see any of those organisations stating that
>>> weak hash is dangerous for a situation where signature itself is
>>> irrelevant
>> if the signature is irrelevant why do you use https at all?
>> WTF!
>> there is no technical difference between your self-signed stuff or
>> certificates signed by a public CA except that you *one time* need to make
>> an exception in the client

Openvas-discuss mailing list

Reply via email to