[Bug 1158767] New: RELNOTES - Certificates signed with MD5 algorithm are not verified anymore
bugzilla at redhat.com
bugzilla at redhat.com
Thu Oct 30 08:00:50 UTC 2014
https://bugzilla.redhat.com/show_bug.cgi?id=1158767
Bug ID: 1158767
Summary: RELNOTES - Certificates signed with MD5 algorithm are
not verified anymore
Product: Fedora Documentation
Version: devel
Component: release-notes
Assignee: relnotes at fedoraproject.org
Reporter: tmraz at redhat.com
QA Contact: docs-qa at lists.fedoraproject.org
CC: relnotes at fedoraproject.org, wb8rcr at arrl.net,
zach at oglesby.co
Blocks: 168083 (fc5-relnotes-traqr)
OpenSSL was patched to disallow verification of certificates that are signed
with MD5 algorithm. The use of MD5 hash algorithm for certificate signatures is
now considered as insecure and thus all the main crypto libraries in Fedora
were patched to reject such certificates.
Certificates signed with MD5 algorithm are not present on public https web
sites anymore but they can be still in use on private networks or used for
authentication on openvpn based VPNs such as in bug 1157260. It is highly
recommended to replace such certificates with new ones signed with SHA256 or at
least SHA1. As a temporary measure the OPENSSL_ENABLE_MD5_VERIFY environment
variable can be set to allow verification of certificates signed with MD5
algorithm.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=168083
[Bug 168083] FC5 release notes tracker bug
--
You are receiving this mail because:
You are the QA Contact for the bug.
More information about the docs-qa
mailing list