Bug ID | 1088406 |
---|---|
Summary | Postfix ssl certificate uses deprecated algorithm for signing |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.3 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Other |
Assignee | bnc-team-screening@forge.provo.novell.com |
Reporter | joe_morris@ntm.org |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
The setting default_md setting is set to md5. This creates a certificate clients cannot trust. See https://bugzilla.mozilla.org/show_bug.cgi?id=802699 . Setting it to default may be better (see https://serverfault.com/questions/744076/openssl-what-is-the-public-key-default-md )as on my Leap_42.3 it now creates a certificate whose signing algorithm is now PKCS #1 SHA-256 With RSA Encryption instead of the formerly untrusted PKCS #1 MD5 With RSA Encryption. This is using /usr/sbin/config.postfix script to create the certificate, which still works great with the change of default_md from md5 to default in /etc/postfix/openssl_postfix.conf.in . i just ran into this trying to get an Outlook client to work with my Postfix, and this did the trick.