rpms / openssl

Clone
Source Code
GIT

432cfa2 Allow disabling of SHA1 signatures

Authored and Committed by clang 2 years ago
raw patch tree parent
3 files changed. 733 lines added. 1 lines removed.
0049-Allow-disabling-of-SHA1-signatures.patch
file added
+503
0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
file added
+217
openssl.spec
file modified
+13 -1 
    Allow disabling of SHA1 signatures
    
    NOTE: This patch is ported from CentOS 9 / RHEL 9, where it defaults to
    denying SHA1 signatures. On Fedora, the default is – for now – to allow
    SHA1 signatures.
    
    In order to phase out SHA1 signatures, introduce a new configuration
    option in the alg_section named 'rh-allow-sha1-signatures'. This option
    defaults to true. If set to false, any signature creation or
    verification operations that involve SHA1 as digest will fail.
    
    This also affects TLS, where the signature_algorithms extension of any
    ClientHello message sent by OpenSSL will no longer include signatures
    with the SHA1 digest if rh-allow-sha1-signatures is false. For servers
    that request a client certificate, the same also applies for
    CertificateRequest messages sent by them.
    
    Resolves: rhbz#2070977
    Related: rhbz#2031742, rhbz#2062640
    Signed-off-by: Clemens Lang <cllang@redhat.com>
file added
+503
file added
+217
file modified
+13 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.