[
https://issues.apache.org/jira/browse/KNOX-3118?focusedWorklogId=965356&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-965356
]
ASF GitHub Bot logged work on KNOX-3118:
----------------------------------------
Author: ASF GitHub Bot
Created on: 09/Apr/25 08:14
Start Date: 09/Apr/25 08:14
Worklog Time Spent: 10m
Work Description: cxm940188 commented on PR #1015:
URL: https://github.com/apache/knox/pull/1015#issuecomment-2788736940
> Thanks, @cxm940188 , for your contribution. Would you mind opening a DOC
JIRA and [updating the user
guide](https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-DocumentationContributorWorkflow)
with the new config?
Thanks, @smolnar82, for your guidance. I will shortly update the user guide
related to this PR.
Issue Time Tracking
-------------------
Worklog Id: (was: 965356)
Time Spent: 2.5h (was: 2h 20m)
> Upgrade Knox SSL Self-Signed Certificate from SHA-1 to SHA-256
> --------------------------------------------------------------
>
> Key: KNOX-3118
> URL: https://issues.apache.org/jira/browse/KNOX-3118
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.6.0
> Reporter: ChenXi
> Priority: Major
> Labels: security
> Time Spent: 2.5h
> Remaining Estimate: 0h
>
> SHA-1, currently used in Knox's current SSL certificates, is
> cryptographically broken. Proven collision attacks (e.g., SHAttered attack in
> 2017) allow malicious actors to forge certificates, exposing Knox to
> man-in-the-middle (MITM) attacks.
> Major browsers (Chrome, Firefox) and operating systems deprecated SHA-1
> support by 2017, leading to trust warnings for SHA-1-based certificates.
> Therefore, it is necessary to upgrade the default self-signing algorithm of
> knox from SHA1 to the more secure SHA2(e.g. SHA256).
> *Reference:*
> * SHA-1 : [https://en.wikipedia.org/wiki/SHA-1]
> * SHA-2: [https://en.wikipedia.org/wiki/SHA-2]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
