On Wed, 31 Dec 2008 09:43:08 +0000
Simon Waters <simon@xxxxxxxxxxxxxx> wrote:

> http://www.win.tue.nl/hashclash/rogue-ca/
>
> This link lists the certificate authorities trusted by Firefox that
> issued MD5 certificates in July 2008.
>
> Looks like Equifax RapidSSL is the only one of significance.

To check your certificate support in Epiphany, use:
Tools | Manage Certificates
Select the certificates listed on the above link, click View.
Verify that the Details tab lists the Certificate Signature Algorithm
as:
PKCS #1 MD5 With RSA Encryption

Certificates with:
PKCS #1 SHA-1 With RSA Encryption
are currently OK but would be better eventually with SHA-2.

Epiphany shows an SHA1 and MD5 fingerprint for any certificate; it is
the Signature Algorithm that matters for this exploit.

A similar list can be found in firefox/iceweasel from:
Edit | Preferences | Advanced | Encryption
View Certificates

Don't just blindly delete, consider exporting first so that you can
test your regular https:// sites still work.

To check the actual certificates used:
Tools | Page Info | Security
View Certificate
Details
Certificate Signature Algorithm
whilst viewing the relevant page.

Apparently, Launchpad uses SHA-1. ;-)
(You don't have to log in to check, just go to the login page - most
login pages are already https:// - or just view the homepage and change
http:// to https:// )

--
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
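
The check described in the message above, done programmatically. This is an added example and not part of the original post: it reads the signatureAlgorithm field of a DER-encoded certificate, which is separate from the MD5/SHA1 fingerprints a viewer displays. The sample inputs are constructed certificate-shaped skeletons, not real certificates, and the SHA-256 table entry is an addition beyond the two algorithms the post names.

```python
# Added example: report the signature algorithm of a DER-encoded X.509 certificate.
SIG_ALGS = {  # OID -> name as shown in the browser's certificate viewer
    "1.2.840.113549.1.1.4": "PKCS #1 MD5 With RSA Encryption",
    "1.2.840.113549.1.1.5": "PKCS #1 SHA-1 With RSA Encryption",
    "1.2.840.113549.1.1.11": "PKCS #1 SHA-256 With RSA Encryption",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the base-128 sub-identifiers of an OBJECT IDENTIFIER into dotted form."""
    subids, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(val)
            val = 0
    first = min(subids[0] // 40, 2)        # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def signature_algorithm(der):
    """Return (oid, name) of the algorithm the issuer used to sign the certificate."""
    tag, cert, _ = read_tlv(der, 0)        # Certificate ::= SEQUENCE { tbs, alg, sig }
    _, _, pos = read_tlv(cert, 0)          # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(cert, pos)  # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    oid_tag, oid, _ = read_tlv(alg, 0)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a DER certificate")
    dotted = decode_oid(oid)
    return dotted, SIG_ALGS.get(dotted, "unknown")

def is_md5_signed(der):
    return signature_algorithm(der)[0] == "1.2.840.113549.1.1.4"

def skeleton(last_arc):
    """Constructed input: certificate-shaped DER, empty tbs and signature, not a real cert."""
    alg = b"\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01" + bytes([last_arc]) + b"\x05\x00"
    body = b"\x30\x00" + alg + b"\x03\x02\x00\x00"
    return b"\x30" + bytes([len(body)]) + body

MD5_SAMPLE, SHA1_SAMPLE = skeleton(4), skeleton(5)
print(signature_algorithm(MD5_SAMPLE), signature_algorithm(SHA1_SAMPLE))
```

For an exported PEM file, convert it first with `ssl.PEM_cert_to_DER_cert()` from the Python standard library and pass the resulting bytes to `signature_algorithm()`.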