Ubuntu patch FYI

Martin Pauly pauly at hrz.uni-marburg.de
Thu Feb 27 17:34:03 CET 2020


On 25.02.20 at 23:41, Alan DeKok wrote:
> You should use SHA-2 for all of your certs.  Everyone should have switched to that years ago.  :(
Yes. There may be a corner case, though.
The root cert itself is not signed by anyone, of course.
I.e. technically, it's a self-signed cert.
If you have an SHA-1 signature part here, no security issue will arise,
but some TLS exchanges will break nevertheless.
We had this issue during a short period when we had started re-issuing all certs with
SHA-256 signatures except for the root cert itself.

Martin

-- 
   Dr. Martin Pauly     Phone:  +49-6421-28-23527
   HRZ Univ. Marburg    Fax:    +49-6421-28-26994
   Hans-Meerwein-Str.   E-Mail: pauly at HRZ.Uni-Marburg.DE
   D-35032 Marburg
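
Added example, not part of the original message: a stdlib-only Python check that reports the signature algorithm of every certificate in a PEM bundle, self-issued roots included, so a root left on SHA-1 after the rest of the chain moved to SHA-256 shows up. Treating issuer == subject as "root" is a simplifying assumption, and all function names are illustrative.

```python
import base64, re, sys

# Signature algorithm OIDs that use SHA-1 (RFC 3279).
SHA1_SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}

def read_tlv(buf, pos):
    """Return (value_start, value_end) of the DER element starting at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def decode_oid(body):
    first = min(body[0] // 40, 2)          # first byte packs the first two arcs
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear: arc complete
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def inspect_cert(der):
    """Return the outer signature algorithm and whether issuer == subject."""
    end = lambda p: read_tlv(der, p)[1]              # offset just past the element at p
    tbs_start, tbs_end = read_tlv(der, read_tlv(der, 0)[0])
    alg_start, _ = read_tlv(der, tbs_end)            # signatureAlgorithm follows tbsCertificate
    oid = decode_oid(der[slice(*read_tlv(der, alg_start))])
    pos = end(tbs_start) if der[tbs_start] == 0xA0 else tbs_start   # optional [0] version
    pos = end(end(pos))                              # skip serialNumber, signature
    issuer, pos = der[pos:end(pos)], end(end(pos))   # take issuer, skip validity
    subject = der[pos:end(pos)]
    return {"sig_alg": SHA1_SIG_OIDS.get(oid, oid),
            "sha1": oid in SHA1_SIG_OIDS, "self_issued": issuer == subject}

def audit_bundle(pem_text):
    """Inspect every certificate in a PEM bundle, trust anchors included."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    return [inspect_cert(base64.b64decode(b)) for b in blocks]

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path) as fh:
            for i, r in enumerate(audit_bundle(fh.read())):
                print(f"{path}[{i}]", r)
```

Run it against the CA bundle and server chain the RADIUS server presents; any entry with `sha1: True` and `self_issued: True` is the root-only leftover described above.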
