Re: Updating SSL keys on fedoraproject.org 2011-03-10
On 2011-03-11, Chris Adams cmad...@hiwaay.net wrote:
> Once upon a time, Petr Pisar ppi...@redhat.com said:
>> This year? In Europe we are over. All qualified CA's are forbidden to
>> issue SHA-1 certificates since the beginning of 2010.
>
> Cite?

There is a study ETSI TS 102 176-1 V2.0.0 (called `ALGO Paper')
http://webapp.etsi.org/action/PU/20071120/ts_10217601v02p.pdf
by ETSI that recommends algorithms and their safety in time. Then each European country implements national standards. E.g. Czech Republic requires at least 2048b RSA with SHA-2 since 2010-01-01, the same applies to Germany or Slovakia. Unfortunately none of the documents I can find now are in English.

AFAIK American NIST states federal bureaus should stop using SHA-1 at the end of 2010 (except HMAC, KDF or RNG usages).

> https://europa.eu/ uses SHA-1 on a cert issued in February 2010.

This is not a qualified (or more precisely system) certificate. This is a pure certificate you can buy from anyone without any legal implications.

-- Petr

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Updating SSL keys on fedoraproject.org 2011-03-10
On 2011-03-11, Chris Adams cmad...@hiwaay.net wrote:
> Once upon a time, Ralf Ertzinger fed...@camperquake.de said:
>> this document is about a quite special case (regarding lawfully
>> binding digital signatures) and not about SSL in general.
>
> I took a short look at software support for other SSL hashes:
>
> - OpenSSL: openssl only offers md5, sha1, md2, mdc2, md4 for generating
>   a signing request or signing a cert

Not true:

  $ openssl req -newkey rsa:2048 -sha256 -new -utf8 -out test.req
  [...]
  $ openssl req -noout -text -in test.req
  Certificate Request:
  [...]
      Signature Algorithm: sha256WithRSAEncryption

The openssl FOO usage output is out-dated. You need to reuse options from other subcommands (e.g. openssl dgst -h).

> - NSS: certutil doesn't seem to offer the option to set the digest (I
>   didn't see one in -H output and there's no man/info page)

NSS is under-documented. E.g. I could not figure out how to select a hardware cryptoengine.

> - GnuTLS: certtool supports up to SHA512 for signing, although it only
>   used SHA-1 for a signing request (it appeared to ignore the --hash
>   option when generating a request)

Yes, there is a bug with selecting hash algorithm.

-- Petr
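
Added example, not part of any message in this thread: a shell function that reads the text dump shown above (openssl req -noout -text, or openssl x509 -noout -text for a certificate) and flags the two properties the thread argues about, the signature hash and the RSA key size. The function name, the MIN_RSA_BITS threshold and the sample dumps are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): flag weak signature hashes and short RSA
# keys in `openssl x509 -noout -text` or `openssl req -noout -text` output.
MIN_RSA_BITS=2048   # assumption of this example (hypothetical threshold)

# Reads openssl text output on stdin, prints one line per finding and
# returns 1 if anything was flagged, 0 otherwise.
audit_cert_text() {
    local line sig="" alg="" bits="" sig_lc rc=0
    while IFS= read -r line; do
        case "$line" in
            *"Signature Algorithm: "*)
                # x509 output prints this field twice; keep the first one.
                if [ -z "$sig" ]; then sig="${line##*Signature Algorithm: }"; fi ;;
            *"Public Key Algorithm: "*)
                alg="${line##*Public Key Algorithm: }" ;;
            *"Public-Key: ("*|*"Public Key: ("*)
                # "Public-Key: (4096 bit)", older "RSA Public Key: (1024 bit)"
                bits="${line##*Key: (}"
                bits="${bits%% bit*}" ;;
        esac
    done
    sig_lc=$(printf '%s' "$sig" | tr 'A-Z' 'a-z')
    case "$sig_lc" in
        "")                    echo "NO-SIGALG"; rc=1 ;;
        md[245]*|mdc2*|*sha1*) echo "WEAK-HASH $sig"; rc=1 ;;
    esac
    # Bit counts are only comparable for RSA; EC keys are much shorter.
    if [ "$alg" = "rsaEncryption" ] && [ -n "$bits" ] &&
       [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "SHORT-KEY $bits"; rc=1
    fi
    return "$rc"
}

# Constructed samples modelled on the thread: a 4096-bit certificate signed
# with SHA-1, a 2048-bit SHA-256 request, and an old-style 1024-bit dump.
SAMPLE_SHA1_4096='    Signature Algorithm: sha1WithRSAEncryption
        Public Key Algorithm: rsaEncryption
            Public-Key: (4096 bit)
    Signature Algorithm: sha1WithRSAEncryption'
SAMPLE_SHA256_REQ='        Public Key Algorithm: rsaEncryption
            Public-Key: (2048 bit)
    Signature Algorithm: sha256WithRSAEncryption'
SAMPLE_OLD_STYLE='    Signature Algorithm: md5WithRSAEncryption
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (1024 bit)'

printf '%s\n' "$SAMPLE_SHA1_4096" | audit_cert_text || true
```

To audit a real certificate, pipe it in: openssl x509 -in cert.pem -noout -text | audit_cert_text
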
Re: Updating SSL keys on fedoraproject.org 2011-03-10
On 2011-03-10, Robert Relyea rrel...@redhat.com wrote:
> SHA-1 is also used in the certificate. That, in theory, doesn't require
> TLS 1.2, though only TLS 1.2 includes protocol to tell servers what
> hashing algorithms the clients support, so in a strict sense only TLS
> tells you whether or not it's safe to use a cert with something other
> than SHA-1 or MD5. Most modern browsers will support SHA-2 algorithms in
> the certificate (even when using SSL3, to TLS 1.x). The notable
> exceptions are versions of Windows older than Windows XP service patch 3,
> and several older phones.

That's the hash usage I referred to. I was amazed the certificate signature algorithm is RSAwithSHA1. As was said, this does not depend on TLS version.

> Many CA's are apparently starting to move to SHA-256 roots this year,
> mostly driven by NIST standards.

This year? In Europe we are over. All qualified CA's are forbidden to issue SHA-1 certificates since the beginning of 2010.

-- Petr
Re: Updating SSL keys on fedoraproject.org 2011-03-10
Once upon a time, Petr Pisar ppi...@redhat.com said:
> This year? In Europe we are over. All qualified CA's are forbidden to
> issue SHA-1 certificates since the beginning of 2010.

Cite?

https://europa.eu/ uses SHA-1 on a cert issued in February 2010. Of course, they also haven't disabled the weak SSL ciphers, so it's hard to claim high security.

--
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: Updating SSL keys on fedoraproject.org 2011-03-10
On 03/11/2011 09:44 AM, Chris Adams wrote:
> Cite?
>
> https://europa.eu/ uses SHA-1 on a cert issued in February 2010. Of
> course, they also haven't disabled the weak SSL ciphers, so it's hard to
> claim high security.

On my systems all I get is a blank page saying:

  Access Denied (policy_denied)
  Your system policy has denied access to the requested URL.
  For assistance, contact your network support team.

I am guessing that it's their passive-aggressive way of saying "we use obsolete protocol but it's your problem".
Re: Updating SSL keys on fedoraproject.org 2011-03-10
On Fri, Mar 11, 2011 at 08:44:55AM -0600, Chris Adams wrote:
> Once upon a time, Petr Pisar ppi...@redhat.com said:
>> This year? In Europe we are over. All qualified CA's are forbidden to
>> issue SHA-1 certificates since the beginning of 2010.
>
> Cite?
>
> https://europa.eu/ uses SHA-1 on a cert issued in February 2010. Of
> course, they also haven't disabled the weak SSL ciphers, so it's hard to
> claim high security.

I assume he meant since January 2011. This is at least the official statement for Germany:

http://www.bundesnetzagentur.de/DE/Sachgebiete/QES/Veroeffentlichungen/Algorithmen/algorithmen_node.html
http://www.bundesnetzagentur.de/cae/servlet/contentblob/192414/publicationFile/10008/2011AlgoKatpdf.pdf

The relevant pages in the PDF document are pages 3 and 4, especially the table on page 4.

Regards
Till
Re: Updating SSL keys on fedoraproject.org 2011-03-10
Hi.

On Fri, 11 Mar 2011 20:22:55 +0100, Till Maas wrote
> I assume he meant since January 2011. This is at least the official
> statement for Germany:
> http://www.bundesnetzagentur.de/DE/Sachgebiete/QES/Veroeffentlichungen/Algorithmen/algorithmen_node.html
> http://www.bundesnetzagentur.de/cae/servlet/contentblob/192414/publicationFile/10008/2011AlgoKatpdf.pdf

For those not fluent in German: this document is about a quite special case (regarding lawfully binding digital signatures) and not about SSL in general.
Re: Updating SSL keys on fedoraproject.org 2011-03-10
On Fri, Mar 11, 2011 at 08:37:39PM +0100, Ralf Ertzinger wrote:
> Hi.
>
> On Fri, 11 Mar 2011 20:22:55 +0100, Till Maas wrote
>> I assume he meant since January 2011. This is at least the official
>> statement for Germany:
>> http://www.bundesnetzagentur.de/DE/Sachgebiete/QES/Veroeffentlichungen/Algorithmen/algorithmen_node.html
>> http://www.bundesnetzagentur.de/cae/servlet/contentblob/192414/publicationFile/10008/2011AlgoKatpdf.pdf
>
> For those not fluent in German: this document is about a quite special
> case (regarding lawfully binding digital signatures) and not about SSL
> in general.

Thanks, I meant to mention this, too. Btw. Petr was referring to these kinds of signatures as well, as far as I understand him:

| All qualified CA's [...]
      ^^

Regards
Till
Re: Updating SSL keys on fedoraproject.org 2011-03-10
Once upon a time, Ralf Ertzinger fed...@camperquake.de said:
> this document is about a quite special case (regarding lawfully binding
> digital signatures) and not about SSL in general.

I took a short look at software support for other SSL hashes:

- OpenSSL: openssl only offers md5, sha1, md2, mdc2, md4 for generating a signing request or signing a cert

- NSS: certutil doesn't seem to offer the option to set the digest (I didn't see one in -H output and there's no man/info page)

- GnuTLS: certtool supports up to SHA512 for signing, although it only used SHA-1 for a signing request (it appeared to ignore the --hash option when generating a request)

Once I had a SHA512 signed cert, OpenSSL recognized it and recognized the SHA512 signature. It looks like NSS can't just look at cert PEM file; you have to create a cert database and import the cert; I did that, and it didn't give an error, but I didn't see a way to be verbose about it to see that it actually recognized the signature algorithm.

This was all on F14. I tried a few RHEL servers as well; on RHEL 4, OpenSSL did not recognize the signature algorithm (RHEL 5/6 did).

I didn't try to set up Apache with a SHA512 cert to see what browsers recognized it.

--
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: Updating SSL keys on fedoraproject.org 2011-03-10
On 03/11/2011 12:18 PM, Chris Adams wrote:
> Once upon a time, Ralf Ertzinger fed...@camperquake.de said:
>> this document is about a quite special case (regarding lawfully
>> binding digital signatures) and not about SSL in general.
>
> I took a short look at software support for other SSL hashes:
>
> - OpenSSL: openssl only offers md5, sha1, md2, mdc2, md4 for generating
>   a signing request or signing a cert
>
> - NSS: certutil doesn't seem to offer the option to set the digest (I
>   didn't see one in -H output and there's no man/info page)

By the way, man pages for the nss tools are in development
https://bugzilla.redhat.com/show_bug.cgi?id=606020#c3
as you can see, they still need a lot of work

> - GnuTLS: certtool supports up to SHA512 for signing, although it only
>   used SHA-1 for a signing request (it appeared to ignore the --hash
>   option when generating a request)
>
> Once I had a SHA512 signed cert, OpenSSL recognized it and recognized
> the SHA512 signature. It looks like NSS can't just look at cert PEM
> file; you have to create a cert database and import the cert; I did
> that, and it didn't give an error, but I didn't see a way to be verbose
> about it to see that it actually recognized the signature algorithm.
>
> This was all on F14. I tried a few RHEL servers as well; on RHEL 4,
> OpenSSL did not recognize the signature algorithm (RHEL 5/6 did).
>
> I didn't try to set up Apache with a SHA512 cert to see what browsers
> recognized it.
Re: Updating SSL keys on fedoraproject.org 2011-03-10
On 2011-03-10, Stephen Smoogen smo...@gmail.com wrote:
> We have already updated fedorahosted.org and will now be updating the
> cert for the main site: fedoraproject.org. The old certificate came from
> Equifax, was a 1024 bit key and had the fingerprint:
> [...]
> The new certificate is issued by GeoTrust, Inc and is a 4096 bit key
> with the fingerprint:

Key length is not everything. Didn't you forget to upgrade hash algorithm? Sticking with SHA-1 that's been abandoned by ETSI and other authorities does not look most safe.

-- Petr
Re: Updating SSL keys on fedoraproject.org 2011-03-10
On Thu, Mar 10, 2011 at 01:07, Petr Pisar ppi...@redhat.com wrote:
> On 2011-03-10, Stephen Smoogen smo...@gmail.com wrote:
>> We have already updated fedorahosted.org and will now be updating the
>> cert for the main site: fedoraproject.org. The old certificate came
>> from Equifax, was a 1024 bit key and had the fingerprint:
>> [...]
>> The new certificate is issued by GeoTrust, Inc and is a 4096 bit key
>> with the fingerprint:
>
> Key length is not everything. Didn't you forget to upgrade hash
> algorithm? Sticking with SHA-1 that's been abandoned by ETSI and other
> authorities does not look most safe.

From my research, to use the SHA-2 in TLS requires the user and server to be both able to talk TLS-1.2. From what I found at wikipedia (http://en.wikipedia.org/wiki/Transport_Layer_Security) Firefox does not support 1.2 (only Opera and IE8 do).

> -- Petr

--
Stephen J Smoogen.
The core skill of innovators is error recovery, not failure avoidance.
Randy Nelson, President of Pixar University.
Let us be kind, one to another, for most of us are fighting a hard battle.
-- Ian MacLaren
Updating SSL keys on fedoraproject.org 2011-03-10
Stephen John Smoogen smooge at gmail.com writes:
> From my research, to use the SHA-2 in TLS requires the user and server
> to be both able to talk TLS-1.2. From what I found at wikipedia
> (http://en.wikipedia.org/wiki/Transport_Layer_Security) Firefox does not
> support 1.2 (only Opera and IE8 do).

It's being worked on, at least: https://bugzilla.mozilla.org/show_bug.cgi?id=480514
Re: Updating SSL keys on fedoraproject.org 2011-03-10
On 03/10/2011 09:17 AM, Stephen John Smoogen wrote:
> On Thu, Mar 10, 2011 at 01:07, Petr Pisar ppi...@redhat.com wrote:
>> On 2011-03-10, Stephen Smoogen smo...@gmail.com wrote:
>>> We have already updated fedorahosted.org and will now be updating the
>>> cert for the main site: fedoraproject.org. The old certificate came
>>> from Equifax, was a 1024 bit key and had the fingerprint:
>>> [...]
>>> The new certificate is issued by GeoTrust, Inc and is a 4096 bit key
>>> with the fingerprint:
>>
>> Key length is not everything. Didn't you forget to upgrade hash
>> algorithm? Sticking with SHA-1 that's been abandoned by ETSI and other
>> authorities does not look most safe.
>
> From my research, to use the SHA-2 in TLS requires the user and server
> to be both able to talk TLS-1.2. From what I found at wikipedia
> (http://en.wikipedia.org/wiki/Transport_Layer_Security) Firefox does not
> support 1.2 (only Opera and IE8 do).

There is more than one usage for SHA-1/SHA-2. TLS uses SHA-1 as an HMAC. SHA-1 is still strong for such use (though prudence would encourage one to move off of SHA-1 even for this operation).

SHA-1 is also used in the certificate. That, in theory, doesn't require TLS 1.2, though only TLS 1.2 includes protocol to tell servers what hashing algorithms the clients support, so in a strict sense only TLS tells you whether or not it's safe to use a cert with something other than SHA-1 or MD5. Most modern browsers will support SHA-2 algorithms in the certificate (even when using SSL3, to TLS 1.x). The notable exceptions are versions of Windows older than Windows XP service patch 3, and several older phones.

Many CA's are apparently starting to move to SHA-256 roots this year, mostly driven by NIST standards.

bob
Updating SSL keys on fedoraproject.org 2011-03-10
Various SSL keys are aging out so we will be updating them before anyone gets a "This CERT is not valid." page. We have already updated fedorahosted.org and will now be updating the cert for the main site: fedoraproject.org.

The old certificate came from Equifax, was a 1024 bit key and had the fingerprint:

SHA1 Fingerprint=E7:6D:26:72:D6:A2:2D:7A:5C:CF:BB:D2:05:B9:8E:7C:49:F5:F8:A8

The new certificate is issued by GeoTrust, Inc and is a 4096 bit key with the fingerprint:

SHA1 Fingerprint=F6:D6:28:85:64:B1:11:19:38:2A:82:EF:F8:F0:22:E8:27:4F:A5:CF

Please report any problems with these certificates to ad...@fedoraproject.org

The change in certs will happen around 2011-03-10 20:00 UTC

Stephen Smoogen * Seasonal Infrastructure Chief Koffee Officer