Bug#773815: ssl-cert in wheezy should default to SHA-2-based certs
Package: ssl-cert
Version: 1.0.32
Severity: normal
Version 1.0.35 in jessie/testing create snakeoil certs with SHA-256 as
the hasing algorithm, but the version is wheezy still uses SHA-1.
Given the change in policy of the major browsers (IE, FF, Chrome) to
start marking SHA-1-based certs as "insecure" going forward, it'd be
nice if make-ssl-cert(8) generated SHA-256 certs.
Could the fix done for bug #733255 be be brought in? I'd also be better
that the change done in "wheezy" and not "wheezy-backports".
Making this change for squeeze-lts (1.0.28) would also be handy.
-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages ssl-cert depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.49
ii openssl 1.0.1e-2+deb7u13
ssl-cert recommends no packages.
Versions of packages ssl-cert suggests:
pn openssl-blacklist <none>
-- debconf information excluded
Reply to: