On Wed, Aug 2, 2017, at 11:01 AM, Viktor Dukhovni wrote:

> This is SHA-1 as a keyed MAC for TLS message integrity, not SHA-1
> in certificates.

Yep.

> No better MAC is available for TLS 1.0 and 1.1,
> for SHA2 ciphersuites you need TLS 1.2, which has not yet driven
> out its predecessors.

That settles it in any case. I leave it alone.

> SHA-1 as a keyed MAC (HMAC IIRC) is not
> believed vulnerable to collision attacks.

Good to know.

> If there were a real problem, the onus to deprecate the weak code
> points would be on OpenSSL and to some extent Postfix. As a user
> you really should not be working so hard to optimize for security.

I'll keep it up to understand it. Happy to use defaults as long as I understand them and the implications. Wouldn't be the first time there was an "onus" on somebody to do something, and it wasn't. Trust but verify!

> If you're doing opportunistic TLS

For this project, I'm not as of this morning. Switched to Mandatory TLS. Now just working on getting a good understanding of what's what when using it.