Hi,
In light of recently-published chosen-prefix attacks on SHA1 [1], I
caution that it is no longer safe to use Epiphany, or any other
WebKitGTK-based browser, or libsoup, or any applications based on
libsoup, or any other applications using GLib's networking facilities,
in combination with GnuTLS versions older than GnuTLS 3.6. GnuTLS
versions prior to 3.6 will accept certificates that use SHA1
signatures. It is now both possible and economically-feasible to forge
these signatures. Your secure connections can no longer be trusted to
be secure when using these older versions of GnuTLS.
Notably, this affects Ubuntu 18.04, which still uses GnuTLS 3.5, and
all derived distros. Many other distros are also affected.
Michael
[1]
https://arstechnica.com/information-technology/2020/01/pgp-keys-software-security-and-much-more-threatened-by-new-sha1-exploit/
_______________________________________________
desktop-devel-list mailing list
desktop-devel-list@gnome.org
https://mail.gnome.org/mailman/listinfo/desktop-devel-list
