-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/x509: reject SHA-1 signatures in Verify #41682
Comments
This comment has been minimized.
This comment has been minimized.
This proposal has been added to the active column of the proposals project |
This comment has been minimized.
This comment has been minimized.
How many of the ancient servers being discussed in #45428 are serving SHA-1 signatures? |
SHA-1 in crypto/x509 is unrelated to crypto/tls, except to the extent that if you're running a legacy stack you're more likely to have both components be out of date. You can serve a SHA-1 certificate over TLS 1.3, if you felt like it. There are no publicly trusted SHA-1 certificates anymore, so we pretty much have no numbers about them. (Well, we do, and they say zero, but they don't capture internal deployments.) Anyone using them is doing it with their own managed CA. |
Based on the discussion above, this proposal seems like a likely accept. |
No change in consensus, so accepted. 🎉 |
https://golang.org/cl/327811 has the pre-announcement, moving to Go 1.18 for implementation. |
When using LibreSSL 2.8.3 the generated certs are using SHA1. This causes istiod to fail to start up due to changes in go 1.18 (see golang/go#41682). This also fixes the instructiosn for https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/
When using LibreSSL 2.8.3 the generated certs are using SHA1. This causes istiod to fail to start up due to changes in go 1.18 (see golang/go#41682). This also fixes the instructiosn for https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/
When using LibreSSL 2.8.3 the generated certs are using SHA1. This causes istiod to fail to start up due to changes in go 1.18 (see golang/go#41682). This also fixes the instructiosn for https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/
When using LibreSSL 2.8.3 the generated certs are using SHA1. This causes istiod to fail to start up due to changes in go 1.18 (see golang/go#41682). This also fixes the instructiosn for https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/ Co-authored-by: Jacob Delgado <[email protected]>
When using LibreSSL 2.8.3 the generated certs are using SHA1. This causes istiod to fail to start up due to changes in go 1.18 (see golang/go#41682). This also fixes the instructiosn for https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/ Co-authored-by: Jacob Delgado <[email protected]>
When using LibreSSL 2.8.3 the generated certs are using SHA1. This causes istiod to fail to start up due to changes in go 1.18 (see golang/go#41682). This also fixes the instructiosn for https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/ Co-authored-by: Jacob Delgado <[email protected]>
…wing SHA1 certificates This allows programs that want SHA1 support to call os.Setenv at startup instead of insisting that users set the environment variable themselves. For golang#41682. Fixes golang#56436. Fixes golang#56438. Change-Id: Idcb96212a1d8c560e1dd8eaf7c80b6266f16431e Reviewed-on: https://go-review.googlesource.com/c/go/+/445496 Reviewed-by: David Chase <[email protected]> Run-TryBot: Russ Cox <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Auto-Submit: Russ Cox <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/445655
Change https://go.dev/cl/629676 mentions this issue: |
@rolandshoemaker This is documented in godebug.md, but not in the Go 1.24 release notes. Do you think this should be documented there? |
Ah yes, probably. Will add a note. Thanks! |
Thanks. Reopening this with a release blocker so it's tracked. |
Change https://go.dev/cl/631677 mentions this issue: |
SHA-1 is weak: a SHA-1 collision was demonstrated and estimated to cost around $50k. https://shattered.io
Accepting SHA-1 signed certificates is a security issue, and lets attackers mount collision attacks if the CA is still signing SHA-1 certificates. crypto/x509 already rejects outright any MD5 signatures for the same reason.
The WebPKI has banned SHA-1 certificates for years now, and crypto/x509 targets a profile compatible with the WebPKI.
I propose we announce in Go 1.17 that we'll remove support in Go 1.18, and provide a GODEBUG opt-out until Go 1.19.
The text was updated successfully, but these errors were encountered: