projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 526f1f1) | patch
Reduce the security bits for MD5 and SHA1 based signatures in TLS
authorKurt Roeckx <kurt@roeckx.be>
Thu, 2 Jan 2020 22:25:27 +0000 (23:25 +0100)
committerKurt Roeckx <kurt@roeckx.be>
Sat, 27 Jun 2020 06:41:40 +0000 (08:41 +0200)
commitaba03ae571ea677fc484daef00a21ca8f7e82708
treebf3f446083418e99c72828d32986d616c2e4c66btree | snapshot
parent526f1f1acab4fe96f618ab785a5f2ecabf0035d5commit | diff
Reduce the security bits for MD5 and SHA1 based signatures in TLS

This has as effect that SHA1 and MD5+SHA1 are no longer supported at
security level 1, and that TLS < 1.2 is no longer supported at the
default security level of 1, and that you need to set the security
level to 0 to use TLS < 1.2.

Reviewed-by: Tim Hudson <tjh@openssl.org>
GH: #10787
21 files changed:
CHANGES.md diff | blob | history
NEWS.md diff | blob | history
ssl/t1_lib.c diff | blob | history
test/recipes/70-test_renegotiation.t diff | blob | history
test/recipes/70-test_sslextension.t diff | blob | history
test/recipes/70-test_sslrecords.t diff | blob | history
test/recipes/70-test_sslsigalgs.t diff | blob | history
test/recipes/70-test_sslversions.t diff | blob | history
test/recipes/70-test_tls13downgrade.t diff | blob | history
test/ssl-tests/02-protocol-version.cnf diff | blob | history
test/ssl-tests/04-client_auth.cnf diff | blob | history
test/ssl-tests/04-client_auth.cnf.in diff | blob | history
test/ssl-tests/05-sni.cnf diff | blob | history
test/ssl-tests/05-sni.cnf.in diff | blob | history
test/ssl-tests/07-dtls-protocol-version.cnf diff | blob | history
test/ssl-tests/10-resumption.cnf diff | blob | history
test/ssl-tests/11-dtls_resumption.cnf diff | blob | history
test/ssl-tests/20-cert-select.cnf diff | blob | history
test/ssl-tests/20-cert-select.cnf.in diff | blob | history
test/ssl-tests/protocol_version.pm diff | blob | history
test/sslapitest.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.