http://bugzilla.opensuse.org/show_bug.cgi?id=1088406 Bug ID: 1088406 Summary: Postfix ssl certificate uses deprecated algorithm for signing Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: bnc-team-screening@forge.provo.novell.com Reporter: joe_morris@ntm.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- The setting default_md setting is set to md5. This creates a certificate clients cannot trust. See https://bugzilla.mozilla.org/show_bug.cgi?id=802699 . Setting it to default may be better (see https://serverfault.com/questions/744076/openssl-what-is-the-public-key-defa... )as on my Leap_42.3 it now creates a certificate whose signing algorithm is now PKCS #1 SHA-256 With RSA Encryption instead of the formerly untrusted PKCS #1 MD5 With RSA Encryption. This is using /usr/sbin/config.postfix script to create the certificate, which still works great with the change of default_md from md5 to default in /etc/postfix/openssl_postfix.conf.in . i just ran into this trying to get an Outlook client to work with my Postfix, and this did the trick. -- You are receiving this mail because: You are on the CC list for the bug.