FYI we have a case open SR 621749103 with cisco they have asked for some logs but since my machine is working now… We can work with getting another user to get logs.
Jay On May 15, 2012, at 12:37 PM, Jason Meador wrote: > Our certificates are 2048 bits and we are still experiencing this problem. > Once I solve my other CCA TAC case and get a machine I can test from, I will > open a new case for this issue. > > -Jason > > > Jason Meador > Network Engineer > Santa Clara University > 408-551-1847 (desk) > [email protected]>>> "Young, Jay" <[email protected]> 5/15/2012 9:22 AM >>> > Just a note on this we have a few mac users affected. I just updated Safari > to 5.1.7, removed my trust for the NAC cert and the agent started working > again. We haven't tested for other users yet so I'm not positive this was the > fix. > > Jay > > On May 15, 2012, at 11:50 AM, Javier Henderson wrote: > > > Good find. Though note that the release note mentions "less than 1024 > > bits". I wonder if that is a typo and they meant "1024 bits or less". > > > > Javier Henderson > > [email protected] > > +1 919 574 5032 > > > > On May 15, 2012, at 11:12 AM, Mike King <[email protected]> wrote: > > > >> I did find a reference to this being a bug fix in 10.7.4 > >> > >> Lots of companies are deprecating certificate support for certificates > >> that are less than 2048bit. I wonder if Apple has just handled this > >> really bad.(IE, 1024 and less, unlike the description below) > >> > >> libsecurity > >> > >> Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to > >> v10.7.3, OS X Lion Server v10.7 to v10.7.3 > >> > >> Impact: Support for X.509 certificates with insecure-length RSA keys may > >> expose users to spoofing and information disclosure > >> > >> Description: Certificates signed using RSA keys with insecure key lengths > >> were accepted by libsecurity. This issue is addressed by rejecting > >> certificates containing RSA keys less than 1024 bits. > >> > >> CVE-ID > >> > >> CVE-2012-0655 > > -- > Jay Young > Sr Network Engineer > Office of the Chief Information Officer > The Ohio State University > 614.292.7350 -- Jay Young Sr Network Engineer Office of the Chief Information Officer The Ohio State University 614.292.7350
