[exim-cvs] spec: TLS certificates: avoid MD5

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] spec: TLS certificates: avoid MD5
Gitweb: http://git.exim.org/exim.git/commitdiff/167c587a5691aaf8fa04fbfad083fcdbe2277de6
Commit:     167c587a5691aaf8fa04fbfad083fcdbe2277de6
Parent:     89b68021dc688d91f57e0e20432477a57bfcf5ec
Author:     Phil Pennock <pdp@???>
AuthorDate: Sun Nov 10 05:16:27 2013 -0500
Committer:  Phil Pennock <pdp@???>
CommitDate: Sun Nov 10 05:16:27 2013 -0500


    spec: TLS certificates: avoid MD5


    Make it clearer in the spec, where talking about certificates, that MD5
    in certs is a really Quite Bad idea.
---
 doc/doc-docbook/spec.xfpt | 6 ++++++
 1 file changed, 6 insertions(+)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 614259a..4b9f53e 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -26057,6 +26057,12 @@ validation to succeed, of course, but if it's not preinstalled, sending the
root certificate along with the rest makes it available for the user to
install if the receiving end is a client MUA that can interact with a user.

+Note that certificates using MD5 are unlikely to work on today's Internet;
+even if your libraries allow loading them for use in Exim when acting as a
+server, increasingly clients will not accept such certificates. The error
+diagnostics in such a case can be frustratingly vague.
+
+

.section "Self-signed certificates" "SECID187"
.cindex "certificate" "self-signed"
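Review bot: the added paragraph beginning "+Note that certificates using MD5" does not say which use of MD5 is meant. State that it is the digest in the certificate's signature algorithm that clients reject, so readers do not confuse it with an MD5 fingerprint displayed for identification. The paragraph also warns that the diagnostics are "frustratingly vague" but gives the administrator nothing to act on: add a sentence recommending that the certificate be reissued with a SHA-2 family signature, and say how to inspect the signature algorithm of an existing certificate. "today's Internet" will age in a reference manual, so wording without a time reference would be better. Minor: the hunk adds two blank "+" lines after the paragraph, which leaves three blank lines before .section "Self-signed certificates"; one is enough.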