[Bug 1088406] New: Postfix ssl certificate uses deprecated algorithm for signing
http://bugzilla.opensuse.org/show_bug.cgi?id=1088406 Bug ID: 1088406 Summary: Postfix ssl certificate uses deprecated algorithm for signing Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: bnc-team-screening@forge.provo.novell.com Reporter: joe_morris@ntm.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- The setting default_md setting is set to md5. This creates a certificate clients cannot trust. See https://bugzilla.mozilla.org/show_bug.cgi?id=802699 . Setting it to default may be better (see https://serverfault.com/questions/744076/openssl-what-is-the-public-key-defa... )as on my Leap_42.3 it now creates a certificate whose signing algorithm is now PKCS #1 SHA-256 With RSA Encryption instead of the formerly untrusted PKCS #1 MD5 With RSA Encryption. This is using /usr/sbin/config.postfix script to create the certificate, which still works great with the change of default_md from md5 to default in /etc/postfix/openssl_postfix.conf.in . i just ran into this trying to get an Outlook client to work with my Postfix, and this did the trick. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088406
http://bugzilla.opensuse.org/show_bug.cgi?id=1088406#c1
Andreas Stieger
The setting default_md setting is set to md5.
Security would really like to see this fixed to SHA-2.. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088406
http://bugzilla.opensuse.org/show_bug.cgi?id=1088406#c2
--- Comment #2 from Joe Morris
participants (1)
-
bugzilla_noreply@novell.com