Anonymous | Login | 2024-12-21 23:40 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0000418 | ClearOS | webconfig-php | public | 2011-12-31 16:56 | 2012-04-13 18:30 | ||||
Reporter | timb80 | ||||||||
Assigned To | user2 | ||||||||
Priority | normal | Severity | minor | Reproducibility | always | ||||
Status | closed | Resolution | fixed | ||||||
Platform | OS | OS Version | |||||||
Product Version | 5.2-SP1 | ||||||||
Target Version | Fixed in Version | 6.2.0 Beta 3 | |||||||
Summary | 0000418: Change SSL default config in app-ssl from md5 to sha1 | ||||||||
Description | OpenSSL now defaults to sha1 to sign certificates (/etc/pki/tls/openssl.cnf) due to the vulnerability of potential for hash collisions with md5 However the SSL config generated by the webconfig (/etc/ssl/openssl.cnf) is provided by app-ssl and still refers to md5 default_md = md5 | ||||||||
Additional Information | http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,25/func,view/id,36290/#36302 [^] http://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities [^] | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Notes | |
(0000402) user2 2012-01-03 03:14 |
This was addressed in the version 6 implementation. |
Issue History | |||
Date Modified | Username | Field | Change |
2011-12-31 16:56 | timb80 | New Issue | |
2012-01-03 02:54 | user2 | Status | new => confirmed |
2012-01-03 03:14 | user2 | Note Added: 0000402 | |
2012-01-03 03:14 | user2 | Status | confirmed => resolved |
2012-01-03 03:14 | user2 | Fixed in Version | => 6.2 Beta 3 |
2012-01-03 03:14 | user2 | Resolution | open => fixed |
2012-01-03 03:14 | user2 | Assigned To | => user2 |
2012-04-13 18:30 | user2 | Status | resolved => closed |