ChenXi created KNOX-3118:
----------------------------
Summary: Upgrade Knox SSL Self-Signed Certificate from SHA-1 to SHA-256
Key: KNOX-3118
URL: https://issues.apache.org/jira/browse/KNOX-3118
Project: Apache Knox
Issue Type: Improvement
Components: Server
Affects Versions: 1.6.0
Reporter: ChenXi
SHA-1, currently used in Knox's current SSL certificates, is cryptographically
broken. Proven collision attacks (e.g., SHAttered attack in 2017) allow
malicious actors to forge certificates, exposing Knox to man-in-the-middle
(MITM) attacks.
Major browsers (Chrome, Firefox) and operating systems deprecated SHA-1 support
by 2017, leading to trust warnings for SHA-1-based certificates.
Therefore, it is necessary to upgrade the default self-signing algorithm of
Knox from SHA1 to the more secure SHA2 (e.g. SHA256).
*Reference:*
* SHA-1: [https://en.wikipedia.org/wiki/SHA-1]
* SHA-2: [https://en.wikipedia.org/wiki/SHA-2]