Bug 1099625
Summary: | Default message digest defaults to sha1 | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Ken Benoit <kbenoit> | |
Component: | freeradius | Assignee: | Nikolai Kondrashov <nikolai.kondrashov> | |
Status: | CLOSED ERRATA | QA Contact: | Eduard Benes <ebenes> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | medium | |||
Version: | 7.0 | CC: | dpal, ebenes, emcnabb | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | freeradius-3.0.4-0.1.rc2.el7 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1135439 (view as bug list) | Environment: | ||
Last Closed: | 2015-03-05 10:19:47 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1135439 |
Description
Ken Benoit
2014-05-20 19:02:12 UTC
Valid point, we already had patched the cnf file from upstream to move from md5 to sha1 a few years back. Upgrading to sha256 is good next step in the ever evolving cipher hardening. FWIW these files are meant to be temporary *example* certs uesd just to get started (we reduce the validity period just to reinfoce that idea) and our documentation clearly states you're supposed to acquire better certs in any real deployment. However the example should "lead by example" and indeed we should bump up the digest algorithm. Just saying this to avoid this being construed as a serious security issue. Fix merged upstream: https://github.com/FreeRADIUS/freeradius-server/pull/734 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0438.html |