Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests in ssl-opts are too dependent on SHA1 #2008

Open
RonEld opened this issue Sep 6, 2018 · 1 comment
Open

tests in ssl-opts are too dependent on SHA1 #2008

RonEld opened this issue Sep 6, 2018 · 1 comment
Labels
component-tls enhancement good-first-issue Good for newcomers help-wanted This issue is not being actively worked on, but PRs welcome. historical-reviewed Reviewed & agreed to keep legacy PR/issue size-m Estimated task size: medium (~1w)

Comments

@RonEld
Copy link
Contributor

RonEld commented Sep 6, 2018

Description

  • Type: Enhancement
  • Priority: Major

Tests in the ssl-opts.sh are dependent on Sha1, as the CA file used is hashed with SHA1.
Need to change the certificates used in the test to SHA256 based, unless these are explicitly testing SHA1.

Enhancement\Feature Request

Justification - why does the library need this feature?

SHA1 has been breached, and should not be used by default

Suggested enhancement
Replace all the certificates used in ssl-opts.sh and remove the default allow_sha1=1
@RonEld RonEld mentioned this issue Sep 6, 2018
Merged
@daverodgman daverodgman added the historical-reviewing Currently reviewing (for legacy PR/issues) label Oct 20, 2022
@tom-cosgrove-arm tom-cosgrove-arm changed the title tests in ssl-opts are too dependant on SHA1 tests in ssl-opts are too dependent on SHA1 Oct 21, 2022
@daverodgman daverodgman added historical-reviewed Reviewed & agreed to keep legacy PR/issue help-wanted This issue is not being actively worked on, but PRs welcome. good-first-issue Good for newcomers size-m Estimated task size: medium (~1w) and removed historical-reviewing Currently reviewing (for legacy PR/issues) labels Oct 21, 2022
@gilles-peskine-arm
Copy link
Contributor

Related: #4660, which is specifically about SHA-1 in test data used by openssl interop tests in ssl-opt.sh in development.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component-tls enhancement good-first-issue Good for newcomers help-wanted This issue is not being actively worked on, but PRs welcome. historical-reviewed Reviewed & agreed to keep legacy PR/issue size-m Estimated task size: medium (~1w)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@daverodgman @RonEld @gilles-peskine-arm