SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2020-02-24 01:12 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0001796 | Endian Firewall | Security | public | 2009-04-18 09:37 | 2010-11-22 11:51 | ||||
| Reporter | mike-f | ||||||||
| Assigned To | peter-endian | ||||||||
| Priority | normal | Severity | tweak | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 2.2-rc3 | ||||||||
| Target Version | 2.5 | Fixed in Version | 2.4.1 | ||||||
| Summary | 0001796: SSL should use SHA1 instead of MD5 | ||||||||
| Description | certificates are signed using MD5-algorithm we should change it to use SHA1 instead /etc/ssl/openssl.cnf /etc/openvpn/openssl.cnf /etc/ipsec/openssl.conf default_md = md5 --> default_md = sha1 | ||||||||
| Additional Information | http://www.kb.cert.org/vuls/id/836068 [^] MD5 vulnerable to collision attacks | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
||||||
|
||||||
 Relationships |
|
Notes |
|
|
(0002157) mike-f (updater) 2009-04-18 10:34 |
also change the lines in /etc/init.d/httpd echo "Signing certificate" openssl x509 -req -days 999999 -in \ /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \ /etc/httpd/server.crt >/dev/null 2>&1 to echo "Signing certificate" openssl x509 -req -days 999999 -in \ /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \ /etc/httpd/server.crt -sha1 >/dev/null 2>&1 |
|
(0002158) mike-f (updater) 2009-04-18 11:22 |
with more recent openssl-versions we can even use -sha256 and -sha512 |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-04-18 09:37 | mike-f | New Issue | |
| 2009-04-18 10:34 | mike-f | Note Added: 0002157 | |
| 2009-04-18 11:22 | mike-f | Note Added: 0002158 | |
| 2009-05-19 07:33 | luca-endian | Relationship added | related to 0001883 |
| 2010-09-20 18:03 | peter-endian | Status | new => confirmed |
| 2010-09-20 18:03 | peter-endian | Target Version | => 2.5 |
| 2010-09-24 14:25 | peter-endian | Status | confirmed => resolved |
| 2010-09-24 14:25 | peter-endian | Fixed in Version | => 2.4.1 |
| 2010-09-24 14:25 | peter-endian | Resolution | open => fixed |
| 2010-09-24 14:25 | peter-endian | Assigned To | => peter-endian |
| 2010-11-22 11:51 | peter-endian | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |