deprecating MD5 in signature verification for gnutls-{cli,serv}

From: Daniel Kahn Gillmor
Subject: deprecating MD5 in signature verification for gnutls-{cli,serv}
Date: Tue, 30 Dec 2008 18:14:16 -0500
User-agent: Mozilla-Thunderbird (X11/20081018)

Hi folks--

In light of the recent demonstration of an attack against
X.509 PKI using weaknesses in MD5 [0], I'm quite happy to
see that you must explicitly enable the use of MD5 for
certificate validation in gnutls for over 3 years
(from the 2005-11-07 NEWS entry):

- Due to cryptographic advances, verifying untrusted X.509
  certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
  GNUTLS_CERT_INSECURE_ALGORITHM verification output.  For
  applications that must remain interoperable, you can use the
  flags when verifying certificates.  Naturally, this is not
  recommended default behaviour for applications.  To enable the
  broken algorithms, call gnutls_certificate_set_verify_flags with the
  proper flag, to change the verification mode used by

However, gnutls-cli seems to blithely accept certificates that *are*
signed with an md5 hash.  You can see this from a debian system with:

echo | gnutls-cli --print-cert --x509cafile \
  /etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem | \
  certtool -i

This seems to be the case with both 2.4.2-4 and 2.6.3-1, afaict,
but I haven't tested with 2.7.x.

Are there plans to change this?
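Added example (not GnuTLS or gnutls-cli code): a minimal DER walker that pulls the outer signatureAlgorithm OID out of a certificate and flags RSA-MD2/RSA-MD5, which is the field GnuTLS inspects before reporting GNUTLS_CERT_INSECURE_ALGORITHM. The OID-to-name table is the well-known PKCS#1 assignment, and the skeleton certificate bytes at the bottom are constructed test input, not a real certificate; feed it DER-encoded certificates from a CA bundle to audit them.

```python
INSECURE_SIG_OIDS = {
    "1.2.840.113549.1.1.2": "RSA-MD2",   # md2WithRSAEncryption
    "1.2.840.113549.1.1.4": "RSA-MD5",   # md5WithRSAEncryption
}

def _read_tlv(buf, pos):
    """Decode one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """OID content bytes to dotted form; first byte packs arcs 1 and 2 as 40*a+b."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                       # base-128, high bit set on all but the last byte
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def signature_algorithm_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    tag, body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE; is the input PEM rather than DER?")
    _, _tbs, pos = _read_tlv(body, 0)       # skip tbsCertificate
    tag, alg_id, _ = _read_tlv(body, pos)   # AlgorithmIdentifier SEQUENCE
    oid_tag, oid, _ = _read_tlv(alg_id, 0)  # its first element is the algorithm OID
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("malformed signatureAlgorithm")
    return _decode_oid(oid)

def insecure_signature(cert_der):
    """Name of the broken algorithm (RSA-MD2/RSA-MD5), or None if the digest is acceptable."""
    return INSECURE_SIG_OIDS.get(signature_algorithm_oid(cert_der))

def der_tlv(tag, payload):
    """Short-form DER TLV (payload < 128 bytes), used only to build constructed test input."""
    return bytes([tag, len(payload)]) + payload

# Constructed skeleton certificate, not a real cert: empty tbsCertificate, then
# md5WithRSAEncryption AlgorithmIdentifier with NULL parameters, then an empty signature.
MD5_CERT = der_tlv(0x30, der_tlv(0x30, b"")
                   + der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d010104")) + der_tlv(0x05, b""))
                   + der_tlv(0x03, b"\x00"))
```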
