Bug 5513 - don't use SHA-1 in our certificates as it is considered weak
Summary: don't use SHA-1 in our certificates as it is considered weak
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Other (show other bugs)
Version: pre-1.0
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.11.0
Assignee: Pierre Ossman
Keywords: nikle_tester, prosaic
Depends on:
Reported: 2015-04-29 11:12 CEST by Pierre Ossman
Modified: 2019-11-01 09:23 CET (History)
3 users (show)

See Also:
Acceptance Criteria:


Description Pierre Ossman cendio 2015-04-29 11:12:55 CEST
Firefox complains on the developer console about our default certs using SHA-1 and references this page:


It's not a security issue as the certificates are unsafe per design, but the complaints might get worse so we should probably consider changing the certificates at some point.

Might also need to update make-dummy-cert.
Comment 1 Henrik Andersson cendio 2017-04-06 12:20:14 CEST
Edge is explicitly complaining direct to end user with something like:

 "You should not trust this website, server is using SHA-1 certificate"

when connecting using Web Access client.
Comment 2 Pierre Ossman cendio 2019-10-16 13:39:40 CEST
The certificates generated by make-dummy-cert seems to be using SHA-256 though.
Comment 4 Pierre Ossman cendio 2019-10-22 14:02:17 CEST
Regenerated using the changes from bug 7401. This should hold us over for a while.

Long term we might want to regenerate these as part of the build. Or on install. Or perhaps even ask the admin and generate them with a proper hostname.
Comment 5 Pierre Ossman cendio 2019-10-24 09:27:40 CEST
This changed exposed a bug in tl-setup. See bug 7410.
Comment 6 Niko Lehto cendio 2019-11-01 09:23:00 CET
Tested in nightly build 6278 on:
* Windows 10 - Chrome 78, Firefox 70, IE 11 and Edge 18
* Android 8 - Chrome 78

Works good!

Note You need to log in before you can comment on or make changes to this bug.