This is a multi-part message in MIME format. ------=_NextPart_surgeweb_127141336_mpa= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I don't normally give out a build without explicitly testing changes myself = but when it comes to SSL CSR generation and certificate installation it is p= robably best for someone to do it for real with their own domain and CA. Anyway a latest windows build is here: ftp://netwinsite.com/pub/surgemail/specials/surgeweb/surgemail_40r_windows.e= xe As I think I noted previously you will need to enable: g_ssl_sha1_sign That should switch the CSR and certificate code to signing with SHA1 instead= of MD5 hashes. Anyway, let me know you you go if you try it (I'd like to he= ar about both successes and failures) Marijn --- Original message --- Subject: RE: [SurgeMail List] SSL Certificate issues. From: Thomas Houseman <thomas@houseman.id.au> To: <surgemail-list@netwinsite.com> Date: 06/05/2009 6:32 PM Thanks. I=e2=80=99m using the Windows build and happy to test it for you. Thomas. From:Surgemail Support (Marijn) [mailto:surgemail-support@netwinsite.com] Sent:Wednesday, 6 May 2009 1:10 PM To:surgemail-list@netwinsite.com<br>Subject:Re: [SurgeMail List] SSL Certifi= cate issues. OK try a new build when it is up to make sure it all works as it should for = you and if there are no problems let me know and I'll make surgemail use SHA= 1 by default. (also let me know if you do encounter any difficulties so I ca= n investigate and resolve them) If you let me know what platform you are after I can make sure there is a ne= w build there for you to try. Marijn --- Original message --- Subject: Re: [SurgeMail List] SSL Certificate issues. From: Neil Herber (nospam) <nospam@eton.ca> To: <surgemail-list@netwinsite.com> Date: 05/05/2009 11:33 PM On 2009-05-05 6:37 AM, Surgemail Support (Marijn) wrote: ....snip ... > Please let me know if it works correctly for you. If it proves to work > as it should and others find CA's are all going this way, we may well > make this the surgemail default at some stage. > > Marijn > From everything I have read, most CAs phased out MD5 in January 2009. For mo= re details see: http://www.win.tue.nl/hashclash/rogue-ca/ In particular see: http://www.kb.cert.org/vuls/id/836068 where they say: "Do not use the MD5 algorithm Software developers, Certification Authorities, website owners, and users sh= ould avoid using the MD5 algorithm in any capacity. As previous research has= demonstrated, it should be considered cryptographically broken and unsuitab= le for further use. Scrutinize SSL certificates signed by certificates using the MD5 algorithm" -- Neil Herber ------=_NextPart_surgeweb_127141336_mpa=
Last Next
Simple index of items from the news group
