This is a multi-part message in MIME format.

------=_NextPart_surgeweb_102162035_mpa=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Ok think I have just implemented the required changes to have surgemail sign=
 the CSRs using SHA1 instead of MD5. 

You will need a 4.0r3+ build of surgemail and enable the setting g_ssl_sha1_=
sign. What platfrom are you on and I'll generate a new build for you.

Please let me know if it works correctly for you. If it proves to work as it=
 should and others find CA's are all going this way, we may well make this t=
he surgemail default at some stage.

Marijn

--- Original message ---
Subject: Re: [SurgeMail List] SSL Certificate issues.
From: Surgemail Support (Marijn) <surgemail-support@netwinsite.com>
To:  <surgemail-list@netwinsite.com>
Date: 05/05/2009  8:52 PM


We will look into it thanks - Nor chris not I was aware there was any issue =
here.

Marijn


--- Original message ---
Subject: [SurgeMail List] SSL Certificate issues.
From: Thomas Houseman <thomas@houseman.id.au>
To:  <surgemail-list@netwinsite.com>
Date: 04/05/2009  1:45 PM



Hi,
 
I=e2=80=99m trying to get a new SSL certificate fromwww.startssl.comand they=
 say that the CSR (certificate signing request)  surgemail generates isn=e2=
=80=99t secure... they say:
 
=e2=80=9cYour certificate request was created with a potentially weak signat=
ure algorithm.
A weakness in the MD5 cryptographic hash function allows the construction of=
 different messages with the same MD5 hash. This is known as an MD5 "collisi=
on". StartCom disallows the use of MD5 hash signatures for all end-user cert=
ificates. SHA1 or better should be used instead.=e2=80=9d
 
Is there anything I can do  to change the method surgemail uses to a secure =
one?
 
Thanks,
 
Thomas.
 
 

------=_NextPart_surgeweb_102162035_mpa=

Last Next