Bug#679765: [Pkg-puppet-devel] Bug#679765: puppetmaster - CA prone to MD5 collision attacks

2012-07-06 Thread Stig Sandbeck Mathisen
The patch at https://github.com/puppetlabs/puppet/pull/616/files changes the default hash settings from MD5 and SHA1 to SHA256. This should have no effect on operation (or security) on existing environments. With an existing CA, I've tested adding nodes with a patched master and client, a

Bug#679765: [Pkg-puppet-devel] Bug#679765: puppetmaster - CA prone to MD5 collision attacks

2012-07-01 Thread Stig Sandbeck Mathisen
Bastian Blank wa...@debian.org writes: The included CA still only displays MD5 fingerprints of certificates. MD5 is no longer safe against collision attacks. So a rogue client is able to use a collision attack to get a certificate for the puppet master and overtake the clients. Could you