Dear Roberto
On Sun, Jun 9, 2024 at 1:16 PM Roberto Ragusa mail@robertoragusa.it wrote:
On 6/9/24 11:27, Dmitry Belyavskiy wrote:
On Sun, Jun 9, 2024 at 11:22 AM Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> wrote:
In https://fedoraproject.org/wiki/SHA1SignaturesGuidance:
> At the moment, we don't provide a public API to enable SHA-1 signature
> support in OpenSSL programmatically. We ask you to respect the system
> administrator's configuration choice on this. We're planning to work
> with OpenSSL upstream to introduce a more suitable API in the future
Any news on this? Being able to make this policy configurable at application level would make things _much_ easier.
We don't plan to provide such an API, sorry. SHA1 is insecure. It should
be eliminated from the crypto contexts _before_ a second-preimage attack starts to cost $0.02
Is it the library's job to decide policies about security levels? Each time algorithms are "distrusted" people get problems mostly with things where security is not really critical at all, like connecting to their local hypervisor, their arduino boards, their home thermostat, etc. etc. etc. Let's hope at least the policies will be tweakable enough, I've seen cases where people were proposing removal of algorithms from the code, which is crazy (why should a library refuse to do an RC4 calculation for me?).
You still are able to use SHA1 and RC4 using openssl.
The distribution should provide a necessary level of security defaults. Those who understand why they don't need enough security can relax any limitations.