MD5 -> SHA1 changes

author Alan T. DeKok <aland@freeradius.org>

Thu, 26 Jan 2012 09:02:09 +0000 (10:02 +0100)

committer Alan T. DeKok <aland@freeradius.org>

Thu, 26 Jan 2012 09:02:09 +0000 (10:02 +0100)
author Alan T. DeKok <aland@freeradius.org>
Thu, 26 Jan 2012 09:02:09 +0000 (10:02 +0100)
committer Alan T. DeKok <aland@freeradius.org>
Thu, 26 Jan 2012 09:02:09 +0000 (10:02 +0100)
diff --git a/raddb/certs/README b/raddb/certs/README

index 97344086e19949a1281bfdcd953b45afacb36ff0..8a7c2fcc303629351d71e78d5d097b9f1c314d4c 100644 (file)
--- a/raddb/certs/README
+++ b/raddb/certs/README
@@ -204,13 +204,13 @@ with ALL operating systems.  Some common issues are:
  
                 SECURITY CONSIDERATIONS
  
-The default certificate configuration files uses MD5 for message
-digests, to maintain compatibility with network equipment that
-supports only this algorithm.
+The default certificate configuration files used to use MD5 for
+message digests, to maintain compatibility with network equipment that
+supports only this algorithm.  They now use SHA1.
  
  MD5 has known weaknesses and is discouraged in favor of SHA1 (see
  http://www.kb.cert.org/vuls/id/836068 for details). If your network
-equipment supports the SHA1 signature algorithm, we recommend that you
+equipment requires the MD5 signature algorithm, we recommend that you
  change the "ca.cnf", "server.cnf", and "client.cnf" files to specify
  the use of SHA1 for the certificates. To do this, change the
-'default_md' entry in those files from 'md5' to 'sha1'.
+'default_md' entry in those files from 'sha1' to 'md5'.
author	Alan T. DeKok <aland@freeradius.org>
	Thu, 26 Jan 2012 09:02:09 +0000 (10:02 +0100)
committer	Alan T. DeKok <aland@freeradius.org>
	Thu, 26 Jan 2012 09:02:09 +0000 (10:02 +0100)