Description of problem: /etc/pki/tls/certs/Makefile invokes openssl in such a way that certificates are signed with SHA-1. SHA-1 is insecure and should not be used anymore according to NIST Special Publication 800-131A (http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf) Use at least SHA256. See p. 14: "SHA-1 shall not be used for digital signature generation after December 31, 2013." Version-Release number of selected component (if applicable): openssl-1.0.1e-37.fc20.i686 How reproducible: always Steps to Reproduce: 1. generated certificate with /etc/pki/tls/certs/Makefile Actual results: SHA-1 signature Expected results: SHA-256 signature Additional info: invoke openssl with -sha256 see also 1058108
Please try openssl-1.0.1e-39.fc21.
Seems to work. This brings it up to date, thanks. It would be good to have this in f20, too, as f20 will still be in use for quite some time. There is another problem: The hash is fixed (previously to SHA-1, now to SHA-256). Instead, it should be chosen according to the key size. See "Recommendation for Key Management," NIST Special Publication 800-57 Part 1 Rev. 3, 07/2012. Use SHA-256 only for RSA bits <= 3072 use SHA-384 for 3072 < RSA bits <= 7680 use SHA-512 for 7680 < RSA bits See also bug 1062444. Do you want me to open another bug for this?
To properly fix this so the hash is chosen according to the key size it would be better to do it in the library code by choosing the hash in the ASN1_PKEY_CTRL_DEFAULT_MD_NID calls for each public key algorithm. This should be implemented upstream first. You can open a RFE for this here but I'd suggest to open it in the upstream issue tracker by sending e-mail to rt as well.