On 09/19/2014 11:54 PM, Johnson, Neil M wrote:
> Does RADIATOR support SHA-2 in SSL certificates?

Radiator depends on the SSL libraries for this. That is, if the SSL library supports the SHA-2 hash functions, then certificates with SHA-256 and related functions will work with Radiator. Older OpenSSL libraries did not load SHA-2 hash functions by default, but the latest versions do. Also, since version 4.4 Radiator tries to always load SHA-256.

If there are problems with SHA-2, then these should get solved by upgrading Net::SSLeay and/or OpenSSL. The Radiator 4.4 release notes indicate Net::SSLeay 1.36 and OpenSSL 0.9.8i are required for SHA-256. These seem to be from 2009 or early 2010.

> Our security office is recommending that we get new certs sooner than later.
>
> https://www.comodo.com/e-commerce/SHA-2-transition.php

RSA with 1024 bit long modulus is on its way out too and Chrome and Firefox have just recently taken action against both SHA1 and RSA 1024.

We actually just recently discussed refreshing the test certificates that come with Radiator to use SHA-256 and RSA 2048. These are likely to be in the 4.13 patches this week. We will test with the systems we have, but if there are problems with other platforms, we would be interested to hear more.

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>
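
Added example, not part of the original message and not Radiator's own code: a shell check that reads `openssl x509 -noout -text` output and flags the two properties the reply says are on their way out, SHA-1 signatures and RSA keys shorter than 2048 bits. The sample certificate text is constructed, and `server.pem` is a placeholder file name.

```shell
#!/bin/sh
# Real use: openssl x509 -in server.pem -noout -text | audit_cert_text
# Exit status: 0 = fine, 1 = weak certificate, 2 = input not recognised.

audit_cert_text() {
    awk '
        # The first "Signature Algorithm:" line sits inside the signed data.
        /Signature Algorithm:/ && sig == "" { sig = $NF }
        /Public Key Algorithm:/             { alg = $NF }
        # "Public-Key: (2048 bit)" in current OpenSSL,
        # "RSA Public Key: (1024 bit)" in the 0.9.8 series.
        /Public[- ]Key: \([0-9]+ bit\)/ {
            bits = $0; sub(/.*\(/, "", bits); sub(/ bit.*/, "", bits)
        }
        END {
            weak = 0
            printf "signature=%s key=%s bits=%s\n", sig, alg, bits
            if (sig == "" || bits == "") { print "ERROR: not x509 -text output"; exit 2 }
            if (tolower(sig) ~ /sha1/) { print "WEAK: SHA-1 signature"; weak = 1 }
            if (alg == "rsaEncryption" && bits + 0 < 2048) {
                print "WEAK: RSA modulus shorter than 2048 bits"; weak = 1
            }
            exit weak
        }'
}

# Constructed samples, trimmed to the lines the parser reads.
OLD_CERT='Certificate:
    Signature Algorithm: sha1WithRSAEncryption
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
    Signature Algorithm: sha1WithRSAEncryption'
NEW_CERT='Certificate:
    Signature Algorithm: sha256WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
    Signature Algorithm: sha256WithRSAEncryption'

for sample in "$OLD_CERT" "$NEW_CERT"; do
    printf '%s\n' "$sample" | audit_cert_text || echo "-> needs attention"
done
```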
