+++ This bug was initially created as a clone of Bug #1684332 +++
Description of problem:
SSL/TLS: Certificate Signed Using A Weak Signature Algorithm
Customer using Vulnerability scanning tool to get this issue report
Below is the details:
The remote service is using a SSL/TLS certificate in the certificate chain that has been signed
using a cryptographically weak hashing algorithm.
Vulnerability Detection Result
The following certificates are part of the certificate chain but using insecure
Signature Algorithm: sha1WithRSAEncryption
Solution type: Mitigation
Servers that use SSL/TLS certificates signed with a weak SHA-1, MD5, MD4 or MD2 hashing
algorithm will need to obtain new SHA-2 signed SSL/TLS certificates to avoid web browser
SSL/TLS certificate warnings.
The following hashing algorithms used for signing SSL/TLS certificates are considered crypto-
graphically weak and not secure enough for ongoing use:
- Secure Hash Algorithm 1 (SHA-1)
- Message Digest 5 (MD5)
- Message Digest 4 (MD4)
- Message Digest 2 (MD2)
Beginning as late as January 2017 and as early as June 2016, browser developers such as Microsoft
and Google will begin warning users when visiting web sites that use SHA-1 signed Secure Socket
Layer (SSL) certificates.
NOTE: The script preference allows to set one or more custom SHA-1 fingerprints of CA certifi-
cates which are trusted by this routine. The fingerprints needs to be passed comma-separated
Vulnerability Detection Method
Check which hashing algorithm was used to sign the remote SSL/TLS certificate.
Details:SSL/TLS: Certificate Signed Using A Weak Signature Algorithm
Version used: $Revision: 8810 $
Fix is in openshift-ansible-3.11.98-1
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.