git.ipfire.org Git - thirdparty/openssl.git/commit
Note that SHA1 and MD5 x509 signatures are also forbidden at security level 1
author Arne Schwabe <arne@rfc2549.org>
Wed, 13 Oct 2021 13:16:58 +0000 (15:16 +0200)
committer Tomas Mraz <tomas@openssl.org>
Tue, 26 Oct 2021 07:46:40 +0000 (09:46 +0200)
commit e2e3f84fa5e96eb97b3cde46a213867fa79f235c
tree c0009102f45d7cb4e3e4ebe8f4c5b51bea6f8d39
parent b387274d0fb3097d3a252d397226b86b8f98f30d
Note that SHA1 and MD5 x509 signatures are also forbidden at security level 1

The exclusion of SHA1 for X509 signatures is not obvious as the "intuitive"
idea is that SHA1 should have 80 security bits. However, the security bits
of SHA1 are explicitly set to 63 to avoid it being strong enough for
security level 1. x509_set.c has the comment:

    /*
     * SHA1 and MD5 are known to be broken. Reduce security bits so that
     * they're no longer accepted at security level 1.
     * The real values don't really matter as long as they're lower than 80,
     * which is our security level 1.
     */

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16895)
doc/man3/SSL_CTX_set_security_level.pod