Bug ID 1088406
Summary Postfix ssl certificate uses deprecated algorithm for signing
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee bnc-team-screening@forge.provo.novell.com
Reporter joe_morris@ntm.org
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

The setting default_md setting is set to md5. This creates a certificate
clients cannot trust. See https://bugzilla.mozilla.org/show_bug.cgi?id=802699 .
Setting it to default may be better (see
https://serverfault.com/questions/744076/openssl-what-is-the-public-key-default-md
)as on my Leap_42.3 it now creates a certificate whose signing algorithm is now
PKCS #1 SHA-256 With RSA Encryption instead of the formerly untrusted PKCS #1
MD5 With RSA Encryption. This is using /usr/sbin/config.postfix script to
create the certificate, which still works great with the change of default_md
from md5 to default in /etc/postfix/openssl_postfix.conf.in . i just ran into
this trying to get an Outlook client to work with my Postfix, and this did the
trick.

You are receiving this mail because: