Dear Tomcat users i have the following problem: I am using tomcat 6.0.45 under aix 7.1 (7100-03-05-1524)
i got the below Finding and my question is how can i fix it: ( ihave no experience regarding how to handle SSL certificates: 1.) Can i change something in a config file to fix it 2) or have i to use a new certificate. If yes, how do i generate this new certificate Here is the description of the Finding: An SSL certificate in the certificate chain has been signed using a weak hash algorithm. Description : The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service. Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm. Michael Mattes DevIT Boeblingen Phone: +49-(0)7031-16-1609 E-mail: mmat...@de.ibm.com IBM Germany Development Lab Schoenaicher Str. 220, 71032 Boeblingen, Germany --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
