Bug#863270: cups: https uses SHA-1 signature algorithm
Package: cups-daemon
Version: 2.2.1-8
Severity: normal
Dear Maintainer,
the cups webserver on port 631 supports the https protocol.
When browsing cups using the https protocol a certificate/key pair is
created in /etc/cups/ssl.
$ openssl x509 -in /etc/cups/ssl/hostname.crt -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1495639838 (0x5925a71E)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, CN = hostname, O = hostname, OU = Unknown, ST = Unknown, L = Unknown
Validity
Not Before: May 24 15:30:42 2017 GMT
Not After : May 22 15:30:42 2027 GMT
Subject: C = US, CN = hostname, O = hostname, OU = Unknown, ST = Unknown, L = Unknown
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Using SHA-1 as signature algorithm is unsafe.
This algorithm will not be accepted in future browser versions.
I have no clue why the country is set to US. That is not where my system is.
Please, remove this bogus when fixing the SHA-1 issue.
Best regards
Heinrich Schuchardt
-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64
(x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages cups depends on:
ii cups-client 2.2.1-8
ii cups-common 2.2.1-8
ii cups-core-drivers 2.2.1-8
ii cups-daemon 2.2.1-8
ii cups-filters 1.11.6-3
ii cups-ppdc 2.2.1-8
ii cups-server-common 2.2.1-8
ii debconf [debconf-2.0] 1.5.60
ii ghostscript 9.20~dfsg-3.2
ii libavahi-client3 0.6.32-2
ii libavahi-common3 0.6.32-2
ii libc-bin 2.24-10
ii libc6 2.24-10
ii libcups2 2.2.1-8
ii libcupscgi1 2.2.1-8
ii libcupsimage2 2.2.1-8
ii libcupsmime1 2.2.1-8
ii libcupsppdc1 2.2.1-8
ii libgcc1 1:6.3.0-18
ii libstdc++6 6.3.0-18
ii libusb-1.0-0 2:1.0.21-1
ii poppler-utils 0.48.0-2
ii procps 2:3.3.12-3
Versions of packages cups recommends:
ii avahi-daemon 0.6.32-2
ii colord 1.3.3-2
ii cups-filters [ghostscript-cups] 1.11.6-3
ii printer-driver-gutenprint 5.2.11-1+b2
Versions of packages cups suggests:
ii cups-bsd 2.2.1-8
pn cups-pdf <none>
ii foomatic-db-compressed-ppds [foomatic-db] 20161201-1
ii hplip 3.16.11+repack0-3
ii printer-driver-hpcups 3.16.11+repack0-3
pn smbclient <none>
ii udev 232-23
-- debconf information:
cupsys/raw-print: true
cupsys/backend: lpd, socket, usb, snmp, dnssd
Reply to: