Package: ssl-cert
Version: 1.0.39
Severity: wishlist
The current default keylength for the snakeoil cert is 2048 bits. However,
these certs could now live for ten years (3650 days), which as I type
this could be upto 2028.
Various technical bodies are recently that for long-lived secrets,
a
Package: ssl-cert
Version: 1.0.39
Severity: normal
In the make_snakeoil() funtion, the code gets the FQDN of the system
via a call to 'hostname -f'. Then it checks if this the FQDN is longer
than 64 characters, and if it is, uses the short hostname.
However, a FQDN can be up to 255 octets per
Package: ssl-cert
Version: 1.0.35
Severity: important
Newer web browsers (Chrome 58+, Firefox 48+) are requiring that
Subject Alternative Names (SANs) be present in certificates,
and are ignoring the Common Name (CN) field.
The snakeoils certs generated by make-ssl-cert(8) currently do not
put
Package: ssl-cert
Version: 1.0.35
Severity: wishlist
The make-ssl-cert(8) utility has a bunch of things it can get from
debconf:
make-ssl-cert/vulnerable_prng:
make-ssl-cert/altname:
make-ssl-cert/hostname:
make-ssl-cert/title:
These are used in the ask_via_debconf() function.
So it's
Has anyone had a chance to look at this and consider the changes to
wheezy and/or squeeze-lts?
--
To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
Package: ssl-cert
Version: 1.0.32
Severity: normal
Version 1.0.35 in jessie/testing create snakeoil certs with SHA-256 as
the hasing algorithm, but the version is wheezy still uses SHA-1.
Given the change in policy of the major browsers (IE, FF, Chrome) to
start marking SHA-1-based certs as
Package: ssl-cert
Version: 1.0.32
Severity: normal
Dear Maintainer,
Currently running make-ssl-cert creates self-signed (snake oil) certificates
which use the Signature Algorithm sha1WithRSAEncryption. This has been fine
for the last few years, but there are some recently changes that warrant
This bug is marked as done, but that's only the case for the wheezy package
(2.2.22). I don't see new binaries for squeeze (2.2.16).
Can you either add the patch to the squeeze package or add something to
squeeze-backports?
--
To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org
Package: apache2
Version: 2.2.16-6+squeeze1
Severity: wishlist
Recent versions of of Apache support RFC 2817, which allows HTTP software to
'upgrade' connections from non-encrypted to encrypted status; it is sometimes
referred to StartTLS for HTTP.
http://tools.ietf.org/html/rfc2817
9 matches
Mail list logo