0001796: SSL should use SHA1 instead of MD5 - MantisBT
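ID: 0001796
Project: Endian Firewall
Category: Security
View Status: public
Date Submitted: 2009-04-18 09:37
Last Update: 2010-11-22 11:51
Reporter: mike-f
Assigned To: peter-endian
Priority: normal
Severity: tweak
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.2-rc3
Target Version: 2.5
Fixed in Version: 2.4.1
Summary: 0001796: SSL should use SHA1 instead of MD5
Description: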
certificates are signed using MD5-algorithm
we should change it to use SHA1 instead

/etc/ssl/openssl.cnf
/etc/openvpn/openssl.cnf
/etc/ipsec/openssl.conf


default_md = md5
-->
default_md = sha1
http://www.kb.cert.org/vuls/id/836068
MD5 vulnerable to collision attacks

No tags attached.
related to 0001883 (confirmed): update openssl to a more recent version

Issue History
2009-04-18 09:37  mike-f        New Issue
2009-04-18 10:34  mike-f        Note Added: 0002157
2009-04-18 11:22  mike-f        Note Added: 0002158
2009-05-19 07:33  luca-endian   Relationship added: related to 0001883
2010-09-20 18:03  peter-endian  Status: new => confirmed
2010-09-20 18:03  peter-endian  Target Version: => 2.5
2010-09-24 14:25  peter-endian  Status: confirmed => resolved
2010-09-24 14:25  peter-endian  Fixed in Version: => 2.4.1
2010-09-24 14:25  peter-endian  Resolution: open => fixed
2010-09-24 14:25  peter-endian  Assigned To: => peter-endian
2010-11-22 11:51  peter-endian  Status: resolved => closed

Notes
(0002157)
mike-f   
2009-04-18 10:34   
also change the lines in
/etc/init.d/httpd

    echo "Signing certificate"
    openssl x509 -req -days 999999 -in \
        /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
        /etc/httpd/server.crt >/dev/null 2>&1
to

    echo "Signing certificate"
    openssl x509 -req -days 999999 -in \
        /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
        /etc/httpd/server.crt -sha1 >/dev/null 2>&1
(0002158)
mike-f   
2009-04-18 11:22   
with more recent openssl-versions we can even use -sha256 and -sha512
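
A check for the settings this issue changes, as an added example that is not part of the original report or of Endian's code: it lists the active default_md values in an OpenSSL config file, flags any outside an accepted list, and reads a certificate's signature algorithm. The function names and the ACCEPTED_DIGESTS variable are assumptions made for this example; the default list holds the digests named in the issue and its notes.

```shell
#!/bin/sh
# Added example: audit the digest settings this issue is about.
# Accepted digests default to the ones named in the issue and its notes.
ACCEPTED_DIGESTS="${ACCEPTED_DIGESTS:-sha1 sha256 sha512}"

# Print every active (uncommented) default_md value in an OpenSSL config file.
config_digests() {
    sed -n 's/^[[:space:]]*default_md[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p' "$1" |
        tr 'A-Z' 'a-z'
}

# Return 0 if the digest name is in the accepted list.
digest_accepted() {
    for d in $ACCEPTED_DIGESTS; do
        [ "$d" = "$1" ] && return 0
    done
    return 1
}

# Report each default_md setting in a config file; return 1 if any is rejected.
audit_config() {
    rc=0
    for md in $(config_digests "$1"); do
        if digest_accepted "$md"; then
            echo "OK   $1: default_md = $md"
        else
            echo "WEAK $1: default_md = $md"
            rc=1
        fi
    done
    return $rc
}

# Print the signature algorithm of a PEM certificate (requires the openssl CLI).
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1
}

# Constructed sample config (not a file from the issue), audited when run without arguments.
if [ "$#" -eq 0 ]; then
    sample=$(mktemp)
    printf '[ CA_default ]\ndefault_md = md5\n[ req ]\n#default_md = md5\ndefault_md = sha1\n' >"$sample"
    audit_config "$sample" || true
    rm -f "$sample"
else
    for f in "$@"; do audit_config "$f"; done
fi
```

Pass the three config paths from the issue as arguments to audit them; after sourcing the functions, `cert_sig_alg /etc/httpd/server.crt` shows which digest the init script's signing step actually used.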