Menu

#9 default to a more secure default_md

open
William Roadcap
Security (2)
5
2012-10-26
2012-10-26
Peter Meyer
No

phpki is configured to use md5 as default hashing algorithm for certificates. Unfortunately, this prompts newer Chrome versions to tag this certificate as insecure. See http://blog.davidchristiansen.com/2012/04/solved-chrome-v18-self-signed-certs-and-signed-using-a-weak-signature-algorithm/ for details.

I have confirmed, that Chrome 23 does accept certificates generated by using sha256 hash.

I suggest to change all occurences of "default_md = md" to "default_md = sha256" or stronger.

Discussion

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.