  1. OpenDJ
  2. OPENDJ-2366

Issue certificates using a stronger signature algorithm

    Details

    • Type: Improvement
    • Status: Done
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 5.5.0
    • Component/s: core server, security
    • Labels:
      None

      Description

      Although this is more important in the web browser area, CAs are being strongly discouraged from issuing certs signed using SHA-1 as that algorithm is now considered weak. Our replication certs and admin certs are currently signed using sha1WithRSAEncryption.

      We should switch, if possible, to SHA-256 or better.

      There are some good references to the problem at https://googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html

            People

            • Assignee:
              ludo Ludovic Poitou
              Reporter:
              cjr Chris Ridd
              Dev Assignee:
              Ludovic Poitou