Subject: misc/26838: examples/openssl/ssl.cnf has an insecure default
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <smb@research.att.com>
List: netbsd-bugs
Date: 09/02/2004 21:40:39
>Number: 26838
>Category: misc
>Synopsis: examples/openssl/ssl.cnf has an insecure default
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: misc-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Sep 03 01:41:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Steven M. Bellovin
>Release: NetBSD 2.0_BETA
>Organization:
AT&T Labs Research
>Environment:
System: NetBSD berkshire.research.att.com 2.0_BETA NetBSD 2.0_BETA (BERKSHIRE) #2: Thu Aug 26 17:35:54 EDT 2004 smb@berkshire.research.att.com:/usr/BUILD/obj/sys/arch/i386/compile/BERKSHIRE i386
Architecture: i386
Machine: i386
>Description:
/usr/share/examples/openssl/openssl.cnf has a line
default_md = md5
This isn't very secure any more; it should use sha1.
>How-To-Repeat:
see above
>Fix:
Change the line to
default_md = sha1
>Release-Note:
>Audit-Trail:
>Unformatted:
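
An added example, not part of the original report: a shell check that lists every default_md setting in an OpenSSL configuration file, section by section, and flags the md5 value described above. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the report): audit default_md in an openssl.cnf.

# find_default_md FILE: print "section<TAB>digest" for each default_md line.
find_default_md() {
    awk '
        { sub(/#.*/, "") }                        # drop trailing comments
        /^[ \t]*\[/ {                             # section header: [ name ]
            gsub(/\[/, ""); gsub(/\]/, ""); gsub(/[ \t]/, "")
            section = $0; next
        }
        /^[ \t]*default_md[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)         # keep the right-hand side
            sub(/[ \t]+$/, "", val)               # trim trailing blanks
            print (section == "" ? "(global)" : section) "\t" tolower(val)
        }
    ' "$1"
}

# check_default_md FILE [DIGEST]: return 1 if any default_md equals DIGEST.
# DIGEST defaults to md5, the value the report calls insecure.
check_default_md() {
    weak=${2:-md5}
    find_default_md "$1" | awk -F '\t' -v weak="$weak" '
        $2 == weak { print "WEAK: [" $1 "] default_md = " $2; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample input, not the file shipped with NetBSD.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
[ ca ]
default_ca = CA_default

[ CA_default ]
default_days = 365
default_md   = md5      # the setting reported above
EOF

check_default_md "$sample" || echo "fix: change the line to default_md = sha1"
```
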