On Fri, Oct 15 2021 at 10:10:38 AM +0200, Björn Persson
<bj...@xn--rombobjrn-67a.se> wrote:
My question is: Is it true that this usage of SHA-1 makes the TLS
session weak, so that it's correct to forbid it in the crypto policy?
Hm, I think Fedora's crypto policy should not be stricter than upstream
Firefox. This should probably be allowed.
Enterprise distros are intentionally trying to be stricter and
completely remove SHA-1, but Fedora is not an enterprise distro and
breaking websites that work fine everywhere else is not OK for Fedora.
Or could it be that Qualys is right? Perhaps SHA-1 is fine for this
use
case, even though it's too weak for other use cases, and the crypto
policy should allow it?
SHA-1 is blocked in certificate signatures because those can be
attacked offline. Signatures in the TLS handshake are entirely
different. I'm hardly an expert, but I think the attacker only has a
few seconds to generate a hash collision before the user gives up and
closes the browser tab. Spending several months trying to find a
collision is not an option here. Am I wrong?
Michael
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
