Dear Tomcat users,

I have the following problem: I am using Tomcat 6.0.45 under AIX 7.1 (7100-03-05-1524).

I got the finding below, and my question is how I can fix it (I have no experience in handling SSL certificates):

1.) Can I change something in a config file to fix it?
2.) Or do I have to use a new certificate? If yes, how do I generate this new certificate?

Here is the description of the Finding:

An SSL certificate in the certificate chain has been signed using a weak hash algorithm.

Description :

The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.




 Michael Mattes
 DevIT Boeblingen       Phone: +49-(0)7031-16-1609
 E-mail: mmat...@de.ibm.com
 
 IBM Germany Development Lab
 Schoenaicher Str. 220, 71032 Boeblingen,
 Germany       


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
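
The rule quoted in the finding above, applied to a keystore listing, as an added example that is not part of the original post: it reads the text that keytool -list -v prints and reports which certificate in the chain carries a weak signature. The function names and the sample listing are constructed for illustration; it assumes English-locale keytool output and compares the expiry by year only.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes English-locale keytool output.
# Real use: keytool -list -v -keystore <keystore> | weak_signatures

# Constructed sample of keytool -list -v output (not a real keystore).
sample_keytool_output() {
cat <<'EOF'
Alias name: tomcat
Certificate chain length: 2
Certificate[1]:
Owner: CN=app.example.test
Issuer: CN=Example Issuing CA
Valid from: Mon Feb 01 00:00:00 UTC 2016 until: Thu Feb 01 00:00:00 UTC 2018
Signature algorithm name: SHA1withRSA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA
Valid from: Wed Jan 01 00:00:00 UTC 2014 until: Mon Jan 01 00:00:00 UTC 2024
Signature algorithm name: SHA256withRSA
Alias name: legacy
Owner: CN=old.example.test
Issuer: CN=Example Issuing CA
Valid from: Tue Jan 01 00:00:00 UTC 2013 until: Fri Jan 01 00:00:00 UTC 2016
Signature algorithm name: SHA1withRSA
Alias name: ancient
Owner: CN=ancient.example.test
Issuer: CN=ancient.example.test
Valid from: Fri Jan 01 00:00:00 UTC 2010 until: Tue Jan 01 00:00:00 UTC 2030
Signature algorithm name: MD5withRSA
EOF
}

# Print "<owner> <algorithm> <reason>" for each certificate the finding would flag.
weak_signatures() {
  awk '
    /^Owner:/       { owner = substr($0, 8) }   # subject of the current certificate
    /^Valid from:/  { year = $NF + 0 }          # last field is the notAfter year
    /^Signature algorithm name:/ {
      alg = $4                                  # e.g. SHA1withRSA
      if (alg ~ /^(MD2|MD4|MD5)with/)           # weak regardless of expiry
        print owner, alg, "weak-hash"
      else if (alg ~ /^SHA1with/ && year >= 2017) # SHA-1 flagged only if valid into 2017+
        print owner, alg, "sha1-expires-" year
    }'
}

sample_keytool_output | weak_signatures
```

A certificate listed here has to be reissued by its CA with a SHA-256 signature; the signature algorithm is part of the certificate itself and is not a Tomcat connector setting.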
