Patch to update the default CA certificates to use SHA1 instead of MD5
Hi, While I was building a version of FreeRADIUS 2.1.6 from source I was testing the certificates that are created using the certs makefile. I noticed that the CA certs (as well as server and client certs) use the default OpenSSL md5rsa signature algorithm. From the recently announced vulnerabilities against certs using this signature algorithm ( http://www.kb.cert.org/vuls/id/836068), it would be better if these certificates used the sha1rsa signature algorithm instead. Note that while the README explicitly states that the default test certificates shouldn't be used, it does tell users to generate their own certificates using the same certificate configuration files. The result is that users following these defaults will end up using md5rsa certificates. The following patches to the ca.cnf, server.cnf, and client.cnf files update them to use sha1rsa. Thanks, Walter --- ca.cnf.orig 2009-08-08 22:48:01.000000000 -0500 +++ ca.cnf 2009-08-08 22:49:44.000000000 -0500 @@ -16,7 +16,7 @@ cert_opt = ca_default default_days = 365 default_crl_days = 30 -default_md = md5 +default_md = sha1 preserve = no policy = policy_match --- client.cnf.orig 2009-08-08 22:48:08.000000000 -0500 +++ client.cnf 2009-08-08 22:49:33.000000000 -0500 @@ -16,7 +16,7 @@ cert_opt = ca_default default_days = 365 default_crl_days = 30 -default_md = md5 +default_md = sha1 preserve = no policy = policy_match --- server.cnf.orig 2009-08-08 22:48:16.000000000 -0500 +++ server.cnf 2009-08-08 22:49:56.000000000 -0500 @@ -16,7 +16,7 @@ cert_opt = ca_default default_days = 365 default_crl_days = 30 -default_md = md5 +default_md = sha1 preserve = no policy = policy_match
Walter Goulet wrote:
While I was building a version of FreeRADIUS 2.1.6 from source I was testing the certificates that are created using the certs makefile. I noticed that the CA certs (as well as server and client certs) use the default OpenSSL md5rsa signature algorithm. From the recently announced vulnerabilities against certs using this signature algorithm (http://www.kb.cert.org/vuls/id/836068), it would be better if these certificates used the sha1rsa signature algorithm instead.
Except a lot of systems still don't support certificates with SHA1 hashes. We had made that change a while ago, and it caused problems. So we changed it back. It's easier to leave it as MD5. If people need SHA1 for security, they can edit the files and create better certificates. Alan DeKok.
Ah, I never considered that other people's gear (besides my own) wouldn't support SHA1. Would you consider then the following patch to the README file so that people can make an informed decision? --- README.orig 2009-08-09 18:31:53.000000000 -0500 +++ README 2009-08-09 18:42:06.000000000 -0500 @@ -200,3 +200,17 @@ - Someone needs to ask Microsoft to please stop making life hard for their customers. + + SECURITY CONSIDERATIONS + +The default certificate configuration files specify the use of the +MD5/RSA signature algorithm to maintain compatibility with network +equipment that only supports this algorithm. + +MD5/RSA has known weaknesses and is discouraged in favor of SHA1/RSA +(see http://www.kb.cert.org/vuls/id/836068 for details). If your +network equipment supports the SHA1/RSA signature algorithm, it is +recommended that you change the configuration files to specify the use +of SHA1/RSA for the certificates. To do this, change the 'default_md' +entry in the ca.cnf/server.cnf/client.cnf files from 'md5' to 'sha1'. + On Sun, Aug 9, 2009 at 8:47 AM, Alan T DeKok <aland@freeradius.org> wrote:
Walter Goulet wrote:
While I was building a version of FreeRADIUS 2.1.6 from source I was testing the certificates that are created using the certs makefile. I noticed that the CA certs (as well as server and client certs) use the default OpenSSL md5rsa signature algorithm. From the recently announced vulnerabilities against certs using this signature algorithm (http://www.kb.cert.org/vuls/id/836068), it would be better if these certificates used the sha1rsa signature algorithm instead.
Except a lot of systems still don't support certificates with SHA1 hashes. We had made that change a while ago, and it caused problems. So we changed it back.
It's easier to leave it as MD5. If people need SHA1 for security, they can edit the files and create better certificates.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Alan T DeKok -
Walter Goulet