deprecating MD5 in signature verification for gnutls-{cli,serv}
From: Daniel Kahn Gillmor
Subject: deprecating MD5 in signature verification for gnutls-{cli,serv}
Date: Tue, 30 Dec 2008 18:14:16 -0500
User-agent: Mozilla-Thunderbird 2.0.0.17 (X11/20081018)
Hi folks--
In light of the recent demonstration of an attack against
X.509 PKI using weaknesses in MD5 [0], I'm quite happy to
see that you have had to explicitly enable the use of MD5 for
certificate validation in gnutls for over 3 years
(from the 2005-11-07 NEWS entry):
    - Due to cryptographic advances, verifying untrusted X.509
    certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
    GNUTLS_CERT_INSECURE_ALGORITHM verification output. For
    applications that must remain interoperable, you can use the
    GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5
    flags when verifying certificates. Naturally, this is not
    recommended default behaviour for applications. To enable the
    broken algorithms, call gnutls_certificate_set_verify_flags with the
    proper flag, to change the verification mode used by
    gnutls_certificate_verify_peers2.
However, gnutls-cli seems to blithely accept certificates that *are*
signed with an md5 hash. You can see this from a debian system with:
    echo | gnutls-cli --print-cert \
        --x509cafile /etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem \
        support.mayfirst.org | certtool -i
This seems to be the case with both 2.4.2-4 and 2.6.3-1, afaict,
but I haven't tested with 2.7.x.
Are there plans to change this?
--dkg
[0] http://www.win.tue.nl/hashclash/rogue-ca/
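A small checker for the `certtool -i` output that the pipeline in the mail above produces, added here as an example and not part of dkg's message or of the GnuTLS project: it walks every certificate in the printed chain and reports the ones whose signature uses RSA-MD2 or RSA-MD5, skipping self-signed roots, since a trust anchor's self-signature is never verified. The field labels it looks for (`Issuer:`, `Subject:`, `Signature Algorithm:`) are an assumption about certtool's text layout, and the sample chain is constructed.

```python
import re
from typing import Dict, List

# Signature algorithms GnuTLS flags as GNUTLS_CERT_INSECURE_ALGORITHM unless the
# GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2/MD5 verify flag is set (2005-11-07 NEWS entry).
INSECURE_SIGNATURE_ALGORITHMS = {"RSA-MD2", "RSA-MD5"}

# Field lines read from `certtool -i` text output (layout assumed here).
_FIELD = re.compile(r"^\s*(Issuer|Subject|Signature Algorithm):\s*(.+?)\s*$")

# Constructed sample of a three-certificate chain as `certtool -i` prints it:
# leaf signed with RSA-MD5, intermediate with RSA-SHA1, self-signed root with RSA-MD5.
SAMPLE_CERTTOOL_OUTPUT = """\
X.509 Certificate Information:
\tIssuer: C=US,O=Example Certificates,CN=Example Intermediate CA
\tSubject: C=US,O=Example Org,CN=www.example.org
\tSubject Public Key Algorithm: RSA
\tSignature Algorithm: RSA-MD5
X.509 Certificate Information:
\tIssuer: C=US,O=Example Certificates,CN=Example Root CA
\tSubject: C=US,O=Example Certificates,CN=Example Intermediate CA
\tSignature Algorithm: RSA-SHA1
X.509 Certificate Information:
\tIssuer: C=US,O=Example Certificates,CN=Example Root CA
\tSubject: C=US,O=Example Certificates,CN=Example Root CA
\tSignature Algorithm: RSA-MD5
"""

def parse_certtool_output(text: str) -> List[Dict[str, str]]:
    """One dict (Issuer/Subject/Signature Algorithm) per certificate block."""
    certs: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("X.509 Certificate Information:"):
            certs.append({})
            continue
        m = _FIELD.match(line)
        if m and certs and m.group(1) not in certs[-1]:  # first occurrence wins
            certs[-1][m.group(1)] = m.group(2)
    return certs

def insecure_signatures(text: str) -> List[str]:
    """Subjects of certificates signed with MD2/MD5, ignoring self-signed ones."""
    # A trust anchor's self-signature is never verified, so its hash is irrelevant;
    # every other MD2/MD5 signature in the chain is what the verify flags exist to reject.
    flagged = []
    for cert in parse_certtool_output(text):
        algo = cert.get("Signature Algorithm", "").upper()
        if algo in INSECURE_SIGNATURE_ALGORITHMS and cert.get("Issuer") != cert.get("Subject"):
            flagged.append(cert.get("Subject", "<unknown>"))
    return flagged
```

Feed it the real output of the gnutls-cli/certtool pipeline to see whether the chain a server presents would only pass verification under the GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 flag.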