Re: [exim] TLS verification errors in 4.69?

Góra strony
Delete this message
Reply to this message
Autor: Richard Clayton
Data:  
Dla: Heiko Schlittermann
CC: exim-users
Temat: Re: [exim] TLS verification errors in 4.69?
In message <20090616093646.GC12725@???>, Heiko
Schlittermann <hs@???> writes

>Andreas Metzler <eximusers@???> (Mo 15 Jun 2009 19:32:54 CEST):
>
>> gnutls night not be able to read the file-format, or perhaps
>> the signature algoritm is RSA-MD2, or whatever.
>
>Indeed - my own certs are signed RSA-MD5,


That's really unwise ... because of the weaknesses in MD5 people have
generated "pairs" of certificates and used them for various attacks.

As a result, many software suites are rapidly being reconfigured to
reject MD5 outright...

>the Thawte certs use SHA1.


SHA1 has its own problems, but the difficulty is that not all software
yet supports SHA256.

You would be well advised to move to SHA1 sooner rather than later, and
prepare to change hash function again in 2010

- -- 
richard                                                   Richard Clayton


Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755