[Pkg-openssl-devel] Bug#546802: openssl: sha384 and sha512 too
xavier renaut
xavier.reportbug-debian.openssl.natch.2014.11.27.12.59.39 at pecos.8d.com
Thu Nov 27 18:03:26 UTC 2014
Package: openssl
Version: 1.0.1j-1
Followup-For: Bug #546802
Dear Maintainer,
* What led up to the situation?
PCI and general good security practice require sha256 or more for signing certificates.
* What exactly did you do (or not do) that was effective (or
ineffective)?
looking in the x509 man page for sign options:
-md2|-md5|-sha1|-mdc2
the digest to use. This affects any signing or display option that
uses a message digest, such as the -fingerprint, -signkey and -CA
options. If not specified then SHA1 is used. If the key being used
to sign with is a DSA key then this option has no effect: SHA1 is
always used with DSA keys.
* What was the outcome of this action?
no mention of sha256
* What outcome did you expect instead?
doc about sha256 sha384 and sha512
thanks
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (900, 'testing'), (600, 'unstable'), (449, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssl depends on:
ii libc6 2.19-11
ii libssl1.0.0 1.0.1j-1
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20140927
-- Configuration Files:
/etc/ssl/openssl.cnf changed [not included]
-- no debconf information
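
An added example, not part of the original report and not OpenSSL's own code: a shell audit that reads the signature digest from `openssl x509 -text` output and checks it against the "sha256 or more" floor the report cites. The function names and the accept/reject/review labels are assumptions made for this example.

```shell
#!/bin/sh
# Usage: sh audit_sigalg.sh cert1.pem [cert2.pem ...]   (script name is a placeholder)
# Exits 1 if any certificate is signed with a digest below SHA-256.

# Map a "Signature Algorithm" name, as printed by `openssl x509 -text`,
# to a policy verdict: accept (SHA-256 or more), reject (below), review (other).
classify_sigalg() {
    case "$1" in
        md2With*|md4With*|md5With*|mdc2With*|sha1With*|dsaWithSHA1|ecdsa-with-SHA1)
            echo reject ;;
        sha224With*|ecdsa-with-SHA224|dsa_with_SHA224)
            echo reject ;;   # below the SHA-256 floor
        sha256With*|sha384With*|sha512With*)
            echo accept ;;
        ecdsa-with-SHA256|ecdsa-with-SHA384|ecdsa-with-SHA512|dsa_with_SHA256)
            echo accept ;;
        *)
            echo review ;;   # e.g. RSA-PSS, where the digest is in the parameters
    esac
}

# Read `openssl x509 -text` output on stdin and print the first
# "Signature Algorithm:" value (it appears twice in a certificate dump).
extract_sigalg() {
    sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1
}

# Print "<file> <algorithm> <verdict>" (tab separated) for one PEM certificate.
audit_cert() {
    alg=$(openssl x509 -in "$1" -noout -text | extract_sigalg)
    printf '%s\t%s\t%s\n' "$1" "$alg" "$(classify_sigalg "$alg")"
}

# A certificate can be issued with a stronger digest by naming it explicitly,
# e.g. (file names are placeholders):
#   openssl x509 -req -sha256 -in req.csr -signkey key.pem -out cert.pem

if [ "$#" -gt 0 ]; then
    status=0
    for cert in "$@"; do
        line=$(audit_cert "$cert")
        printf '%s\n' "$line"
        case "$line" in *reject) status=1 ;; esac
    done
    exit "$status"
fi
```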