Jira (PUP-2420) CRLs should be signed with SHA256 when available

[Joshua Cooper (JIRA)]

Title: Message Title

Joshua Cooper commented on an issue   Re: CRLs should be signed with SHA256 when available There is also some duplicated logic in `Puppet::SSL::Host#suitable_digest_algorithms` Add Comment   Puppet / PUP-2420 CRLs should be signed with SHA256 when available Certificate revocation lists are always signed with SHA1WithRSAEncryption, but when signing certificate signing requests and certificates, we default to SHA256WithRSAEncryption. If SHA256 is not available, we fall back to SHA1WithRSAEncryption. We should refactor the CRL code to use the CertificateSigner code so that we use more secure defaults. This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.