[PATCH] Don't auto-generate SHA1 certificates any more
abartlet at samba.org
Wed Aug 9 19:18:46 UTC 2017
On Wed, 2017-08-09 at 09:05 -0400, Simo wrote:
> On Wed, 2017-08-09 at 17:01 +1200, Andrew Bartlett via samba-technical
> > Samba's self-signed certificates are meant to be replaced by proper
> > certificates, but few people do that.
> > Either way, we shouldn't use SHA1. It has been on the 'do not use'
> > list for quite some time now.
> > If someone can review this into master, I would then like to backport
> > it to supported releases.
> Maybe we should leave them to use SHA1 so that it becomes overly clear
> that people should replace them ?
No. They are fine for trust-on-first-use kind of operations. Having
it this way just causes trouble with auditors and likely library-level
refusal in the future.
The default security mechanisms within the software produced by the
project SHOULD NOT depend on cryptographic algorithms or modes with
known serious weaknesses (e.g., the SHA-1 cryptographic hash algorithm
or the CBC mode in SSH).
There is no good reason to autogenerate these certificates with SHA1
when a simple code change can bring it to a supported standard.
We describe well how to get real certificate here:
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical