On 2014-11-21 09:50, Patrik Båt wrote:
> On 2014-11-20 18:21, Viktor Dukhovni wrote:
>> On Thu, Nov 20, 2014 at 10:42:20AM +0100, Patrik Båt wrote:
>>
>>>> Ah thanks for the heads up, posttls-finger returned sha1, probably
>>>> because it runs OpenSSL 1.0.x.
>>> "The best practice algorithm is now sha1", maybe that's why it is default
>>> in posttls-finger, or what do you say Viktor? :)
>> That was written when MD5 was still in wide use. At this point
>> even SHA-1 is no longer best practice. Instead, in many cases
>> SHA2-256 is now preferred. There are still many cases for which
>> SHA-1 is quite sufficient, but you have to understand the
>> context to determine whether this applies.
>>
>> It seems that as a community, for better or worse, we tend to
>> abandon crypto algorithms for all use-cases as soon as any use-case
>> is broken. Therefore, SHA-1 is also now deprecated, even though
>> e.g. SHA1-HMAC is still quite safe, and uses that only depend on
>> 2nd-preimage resistance are also IIRC safe at this time.
>>
>> However, Postfix maintains a backwards-compatible default of md5.
>> Perhaps now that we have a compatibility level, we could at least
>> move to sha1 (moving to SHA2-256 would break with very old, but
>> still supported by Postfix OpenSSL releases).
>>
> Thanks for the info Viktor, I will move to sha256 and for those with
> very old openssl they will need to upgrade, btw do you know from what
> version sha2-256 is supported by openssl? or maybe my google skillz can
> help me with that. Thanks again Viktor!

Reply to myself and who cares:
OpenSSL 0.9.8o+ (maybe n as well)
GNUTLS 1.7.4+