On Wed, 1 Oct 2014, Stuart Henderson wrote:
> Over the coming months, web browsers will progressively start to first
> warn for certificate chains including SHA-1 hashes, then treat them
> as insecure (including disabling certain content - scripts etc).
> Chrome are initially doing this for certs expiring after Jan 2017,
> but will progressively slide it forward to certs expiring after
> Jan 2016.
>
> Since my previous attempt to at least show this in ssl(8) examples
> for "openssl req" a few months ago, I've spent some time digging for
> where the defaults are set in the code as a nicer place to set sane
> values, but haven't tracked it down yet. Would it be OK to set it
> in the default config for now? (or does anyone have an idea of where
> in the code this comes from?)

Welcome to libkitchensink...

I'd need to quadruple check, however this should come from
openssl/req.c do_X509_sign() being called with a NULL digest, which
calls openssl/req.c do_sign_init() with a NULL md, which calls
crypto/evp/m_sigver.c EVP_DigestSignInit() with md being NULL, which
calls crypto/evp/m_sigver.c do_sigver_init() with type being NULL,
which results in:

	if (type == NULL) {
		int def_nid;
		if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
			type = EVP_get_digestbynid(def_nid);
	}

EVP_PKEY_get_default_digest_nid() returns the default digest
associated with the given PKEY. Since you're using RSA, pkey_ctrl is
implemented by crypto/rsa/rsa_ameth.c rsa_pkey_ctrl(), which has:

	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
		*(int *)arg2 = NID_sha1;
		return 1;

Catch all that? To make SHA-256 the default for RSA, we'd have to
change that from NID_sha1 to NID_sha256...

(and yes, clearly I've spent too much time in this code base
recently... :)

> Index: openssl.cnf > =================================================================== > RCS file: /cvs/src/lib/libcrypto/openssl.cnf,v > retrieving revision 1.1 > diff -u -p -r1.1 openssl.cnf > --- openssl.cnf 11 Apr 2014 22:51:53 -0000 1.1 > +++ openssl.cnf 30 Sep 2014 22:42:53 -0000 > @@ -7,7 +7,8 @@ > > #################################################################### > [ req ] > -default_bits = 1024 > +default_bits = 2048 > +default_md = sha256 > default_keyfile = privkey.pem > distinguished_name = req_distinguished_name > attributes = req_attributes

--
"Action without study is fatal. Study without action is futile."
    -- Mary Ritter Beard
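
Review bot: In the [ req ] section, the added `default_md = sha256` only takes effect for `openssl req` runs that read this openssl.cnf; as traced in the reply above, a NULL digest still resolves to NID_sha1 through the ASN1_PKEY_CTRL_DEFAULT_MD_NID case in rsa_pkey_ctrl() for any path that does not pick up this section, so the config change should be treated as a stopgap and the code default changed as well. The same hunk also raises `default_bits` from 1024 to 2048, which the accompanying description does not mention; call that out in the commit message or split it into its own change.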
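
A check for the outcome this thread is about, as an added example that is not part of the original message or of the OpenSSL/LibreSSL code: it reads the outer signatureAlgorithm OID from a DER-encoded CSR or certificate and reports whether the signer used SHA-1. The function names and the constructed sample blobs are assumptions made for illustration.

```python
# Added example: name the algorithm that signed a DER CSR or certificate.
# Both are SEQUENCE { signed body, AlgorithmIdentifier, BIT STRING }.
SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # 1.2.840.113549.1.1.5
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
NAMES = {SHA1_RSA: "sha1WithRSAEncryption", SHA256_RSA: "sha256WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def signature_algorithm(der):
    tag, outer, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, _, pos = read_tlv(outer, 0)       # skip the signed body
    tag, alg, _ = read_tlv(outer, pos)   # AlgorithmIdentifier
    tag2, oid, _ = read_tlv(alg, 0)      # its first field is the OID
    if tag != 0x30 or tag2 != 0x06:
        raise ValueError("unexpected signatureAlgorithm encoding")
    return NAMES.get(oid, "unknown:" + oid.hex())

def is_sha1_signed(der):
    return signature_algorithm(der) == "sha1WithRSAEncryption"

def tlv(tag, value):
    """Minimal DER encoder, used only to build the constructed samples."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def sample(oid):
    """Constructed CSR-shaped blob: dummy body and signature, not a real request."""
    alg = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, bytes(200)) + alg + tlv(0x03, bytes(257)))

if __name__ == "__main__":
    for oid in (SHA1_RSA, SHA256_RSA):
        der = sample(oid)
        print(signature_algorithm(der), "-> SHA-1 signed:", is_sha1_signed(der))
```

A PEM file needs its base64 body decoded to DER before it is passed to `signature_algorithm()`.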