[
https://issues.apache.org/jira/browse/KNOX-3118?focusedWorklogId=965325&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-965325
]
ASF GitHub Bot logged work on KNOX-3118:
----------------------------------------
Author: ASF GitHub Bot
Created on: 09/Apr/25 01:17
Start Date: 09/Apr/25 01:17
Worklog Time Spent: 10m
Work Description: cxm940188 commented on PR #1015:
URL: https://github.com/apache/knox/pull/1015#issuecomment-2788042710
> @cxm940188 - tests are failing. Could you please check if those issues are
related to your changes?
The failed parts of the workflow tests are not within the scope of my
modifications. Interestingly, the code changes in the latest commit are
identical to the second commit ( all workflow test passed). I wonder
Issue Time Tracking
-------------------
Worklog Id: (was: 965325)
Time Spent: 1h 50m (was: 1h 40m)
> Upgrade Knox SSL Self-Signed Certificate from SHA-1 to SHA-256
> --------------------------------------------------------------
>
> Key: KNOX-3118
> URL: https://issues.apache.org/jira/browse/KNOX-3118
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.6.0
> Reporter: ChenXi
> Priority: Major
> Labels: security
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> SHA-1, currently used in Knox's current SSL certificates, is
> cryptographically broken. Proven collision attacks (e.g., SHAttered attack in
> 2017) allow malicious actors to forge certificates, exposing Knox to
> man-in-the-middle (MITM) attacks.
> Major browsers (Chrome, Firefox) and operating systems deprecated SHA-1
> support by 2017, leading to trust warnings for SHA-1-based certificates.
> Therefore, it is necessary to upgrade the default self-signing algorithm of
> knox from SHA1 to the more secure SHA2(e.g. SHA256).
> *Reference:*
> * SHA-1 : [https://en.wikipedia.org/wiki/SHA-1]
> * SHA-2: [https://en.wikipedia.org/wiki/SHA-2]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
