| Anonymous | Login | 2024-04-25 01:38 MDT |
| Main | My View | View Issues | Change Log | Roadmap | Repositories |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0000418 | ClearOS | webconfig-php | public | 2011-12-31 16:56 | 2012-04-13 18:30 | ||||
| Reporter | timb80 | ||||||||
| Assigned To | user2 | ||||||||
| Priority | normal | Severity | minor | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 5.2-SP1 | ||||||||
| Target Version | Fixed in Version | 6.2.0 Beta 3 | |||||||
| Summary | 0000418: Change SSL default config in app-ssl from md5 to sha1 | ||||||||
| Description | OpenSSL now defaults to sha1 to sign certificates (/etc/pki/tls/openssl.cnf) due to the vulnerability of potential for hash collisions with md5 However the SSL config generated by the webconfig (/etc/ssl/openssl.cnf) is provided by app-ssl and still refers to md5 default_md = md5 | ||||||||
| Additional Information | http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,25/func,view/id,36290/#36302 [^] http://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities [^] | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0000402) user2 2012-01-03 03:14 |
This was addressed in the version 6 implementation. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2011-12-31 16:56 | timb80 | New Issue | |
| 2012-01-03 02:54 | user2 | Status | new => confirmed |
| 2012-01-03 03:14 | user2 | Note Added: 0000402 | |
| 2012-01-03 03:14 | user2 | Status | confirmed => resolved |
| 2012-01-03 03:14 | user2 | Fixed in Version | => 6.2 Beta 3 |
| 2012-01-03 03:14 | user2 | Resolution | open => fixed |
| 2012-01-03 03:14 | user2 | Assigned To | => user2 |
| 2012-04-13 18:30 | user2 | Status | resolved => closed |
|
Issue History |