assurance - Re: [Assurance] SHA-2 Update
- From: "Cantor, Scott"
- Subject: Re: [Assurance] SHA-2 Update
- Date: Thu, 5 Sep 2013 21:02:30 +0000
On 9/5/13 4:53 PM, "David Langenberg" wrote:
>Well, my concern is more about Protected Channels and TLS. After Dec 31,
>SHA1 is no good for the digital signatures used in TLS. Even if you
>don't consider HMAC to be a "digital signature" you still wind up with
>the problem of SP 800-131A listing SHA1 as 80 bit and 80 bit for HMAC
>generation expires Dec 31. Therefore, your TLS Connection by the
>user-agent to the Identity Provider needs to be using at least TLS1.2
>with a SHA2 HMAC which in my testing wasn't available wide-spread in
>browsers until just this summer. The result of us not being able to
>still use TLSv1 after Dec 31 will mean massive breakage of users who are
>not running recent browsers.

That of course is a whole 'nother fish kettle than the SHA-2 support alone.

BTW, RH supposedly was making noise about bumping RHEL6 to OpenSSL 1.0.1
to get TLS 1.2 support. No sign of it so far.

-- Scott