Package: openssl
Version: 1.0.1j-1
Followup-For: Bug #546802

Dear Maintainer,

   * What led up to the situation?

PCI and general good practice security requires sha256 or more for signing certificates

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

looking in the x509 man page for sign options :

       -md2|-md5|-sha1|-mdc2
           the digest to use. This affects any signing or display option
           that uses a message digest, such as the -fingerprint, -signkey
           and -CA options. If not specified then SHA1 is used. If the key
           being used to sign with is a DSA key then this option has no
           effect: SHA1 is always used with DSA keys.

   * What was the outcome of this action?

no mention of sha256

   * What outcome did you expect instead?

doc about sha256 sha384 and sha512

thanks

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (900, 'testing'), (600, 'unstable'), (449, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.19-11
ii  libssl1.0.0  1.0.1j-1

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20140927

-- Configuration Files:
/etc/ssl/openssl.cnf changed [not included]

-- no debconf information
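
An added example, not part of the original report or of the OpenSSL documentation: the digest-name flags the report asks to have documented (`-sha256`, `-sha384`, `-sha512`) are passed to `openssl x509` in the same position as `-sha1`, and the result can be checked by reading the certificate's "Signature Algorithm" field. The function name, the throwaway RSA key and the subject `/CN=example.test` are assumptions made for the demonstration.

```shell
#!/bin/sh
# sig_alg_for_digest is a hypothetical helper name used only in this example.
# It self-signs a throwaway certificate with the given digest flag and prints
# the signature algorithm that ended up in the certificate.
sig_alg_for_digest() {
    digest="$1"                      # e.g. sha256, sha384, sha512
    tmp=$(mktemp -d) || return 1

    # Throwaway RSA key and CSR; the subject is a constructed sample value.
    openssl genrsa -out "$tmp/key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$tmp/key.pem" -subj "/CN=example.test" \
        -out "$tmp/csr.pem" 2>/dev/null &&
    # The digest flag takes the place of the documented -md5/-sha1 options.
    openssl x509 -req -in "$tmp/csr.pem" -signkey "$tmp/key.pem" -days 1 \
        "-$digest" -out "$tmp/cert.pem" 2>/dev/null &&
    # The field appears twice in -text output; the first occurrence is enough.
    openssl x509 -in "$tmp/cert.pem" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
    rc=$?

    rm -rf "$tmp"
    return $rc
}

# Show what each digest flag produces in the signed certificate.
for d in sha256 sha384 sha512; do
    printf '%s -> %s\n' "-$d" "$(sig_alg_for_digest "$d")"
done
```

The same `-noout -text` check works on an existing certificate to see whether it was signed with SHA-1 or with a SHA-2 digest.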