Bug#773815: ssl-cert in wheezy should default to SHA-2-based certs

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#773815: ssl-cert in wheezy should default to SHA-2-based certs
From: David Magda <david.magda@oicr.on.ca>
Date: Tue, 23 Dec 2014 09:38:49 -0500
Message-id: <[🔎] 20141223143849.17342.73138.reportbug@cobalt.res.oicr.on.ca>
Reply-to: David Magda <david.magda@oicr.on.ca>, 773815@bugs.debian.org

Package: ssl-cert
Version: 1.0.32
Severity: normal

Version 1.0.35 in jessie/testing create snakeoil certs with SHA-256 as
the hasing algorithm, but the version is wheezy still uses SHA-1.

Given the change in policy of the major browsers (IE, FF, Chrome) to
start marking SHA-1-based certs as "insecure" going forward, it'd be
nice if make-ssl-cert(8) generated SHA-256 certs.

Could the fix done for bug #733255 be be brought in? I'd also be better
that the change done in "wheezy" and not "wheezy-backports".


Making this change for squeeze-lts (1.0.28) would also be handy.


-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages ssl-cert depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.49
ii  openssl                1.0.1e-2+deb7u13

ssl-cert recommends no packages.

Versions of packages ssl-cert suggests:
pn  openssl-blacklist  <none>

-- debconf information excluded

Reply to:

Prev by Date: apache2_2.4.10-9_amd64.changes ACCEPTED into unstable
Next by Date: Bug#773841: mod_ssl: Broken SSL_CLIENT_S_DN_UID value
Previous by thread: apache2_2.4.10-9_amd64.changes ACCEPTED into unstable
Next by thread: Bug#773841: mod_ssl: Broken SSL_CLIENT_S_DN_UID value
Index(es):
- Date
- Thread