<html> <head> <style> .sw_message P{margin:0px;padding:0px;} .sw_message {FONT-SIZE: 12pt;FONT-FAMILY:Tahoma,Arial,Helvetica,sans-serif;background:white;} </style> </head> <body class=3d"sw_message"> <div>I don't normally give out a build without explicitly testing changes my= self but when it comes to SSL CSR generation and certificate installation it= is probably best for someone to do it for real with their own domain and CA= ..</div><div><br></div>Anyway a latest windows build is here:<div>ftp://netwi= nsite.com/pub/surgemail/specials/surgeweb/surgemail_40r_windows.exe</div><di= v><br></div><div>As I think I noted previously you will need to enable: &nbs= p;g_ssl_sha1_sign</div><div><br></div><div>That should switch the CSR and ce= rtificate code to signing with SHA1 instead of MD5 hashes. Anyway, let me kn= ow you you go if you try it (I'd like to hear about both successes and failu= res)</div><div><br></div><div>Marijn</div><div><br _moz_editor_bogus_node=3d= "TRUE" _moz_dirty=3d""><br><br>--- Original message --- <br>Subject: RE: [Su= rgeMail List] SSL Certificate issues. <br>From: Thomas Houseman <thomas@h= ouseman.id.au> <br>To: <surgemail-list@netwinsite.com> <br>Date: 06/05/2= 009 6:32 PM<br><br><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3d"edit= " spidmax=3d"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapela= yout v:ext=3d"edit"> <o:idmap v:ext=3d"edit" data=3d"1" /> </o:shapelayou= t></xml><![endif]--><div><div class=3d"Section1"><p class=3d"MsoNormal"><spa= n style=3d"color:#1F497D">Thanks.<o:p></o:p></span></p><p class=3d"MsoNormal= "><span style=3d"color:#1F497D"><o:p> </o:p></span></p><p class=3d"MsoN= ormal"><span style=3d"color:#1F497D">I=e2=80=99m using the Windows build and= happy to test it for you.<o:p></o:p></span></p><p class=3d"MsoNormal"><span= style=3d"color:#1F497D"><o:p> </o:p></span></p><p class=3d"MsoNormal">= <span style=3d"color:#1F497D">Thomas.</span><span style=3d"font-size:11.0pt;= font-family:" =3d","sans-serif";color:#1f497d"=3d""" calibri><o:p></o:p></sp= an></p><p class=3d"MsoNormal"><span style=3d"font-size:11.0pt;font-family:" = =3d"1f497d"=3d""" calibri color:><o:p> </o:p></span></p><p class=3d"Mso= Normal"><span style=3d"font-size:11.0pt;font-family:" =3d"1f497d"=3d""" cali= bri color:><o:p> </o:p></span></p><div><div style=3d"border:none;border= -top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class=3d"MsoNormal"><= b><span lang=3d"EN-US" style=3d"font-size:10.0pt;font-family:" =3d","sans-se= rif""=3d""" tahoma>From:</span></b><span lang=3d"EN-US" style=3d"font-size:1= 0.0pt; font-family:" =3d","sans-serif""=3d""" tahoma> Surgemail Support (Mar= ijn) [mailto:surgemail-support@netwinsite.com] <br><b>Sent:</b> Wednesday, 6= May 2009 1:10 PM<br><b>To:</b> surgemail-list@netwinsite.com<br><b>Subje= ct:</b> Re: [SurgeMail List] SSL Certificate issues.<o:p></o:p></span></p></= div></div><p class=3d"MsoNormal"><o:p> </o:p></p><p class=3d"MsoNormal"= ><span style=3d"font-family:" =3d","sans-serif""=3d""" tahoma>OK try a new b= uild when it is up to make sure it all works as it should for you and if the= re are no problems let me know and I'll make surgemail use SHA1 by default. = (also let me know if you do encounter any difficulties so I can investigate = and resolve them) <o:p></o:p></span></p><div><div><p class=3d"MsoNormal= "><span style=3d"font-family:" =3d","sans-serif""=3d""" tahoma><o:p> </= o:p></span></p></div><div><p class=3d"MsoNormal"><span style=3d"font-family:= " =3d","sans-serif""=3d""" tahoma>If you let me know what platform you are a= fter I can make sure there is a new build there for you to try.<o:p></o:p></= span></p></div><div><p class=3d"MsoNormal"><span style=3d"font-family:" =3d"= ,"sans-serif""=3d""" tahoma><o:p> </o:p></span></p></div><div><p class= =3d"MsoNormal"><span style=3d"font-family:" =3d","sans-serif""=3d""" tahoma>= Marijn<o:p></o:p></span></p></div></div><p class=3d"MsoNormal" style=3d"marg= in-bottom:12.0pt"><span style=3d"font-family:" =3d","sans-serif""=3d""" taho= ma><br><br>--- Original message --- <br>Subject: Re: [SurgeMail List] SSL Ce= rtificate issues. <br>From: Neil Herber (nospam) <nospam@eton.ca> <br>To:= <surgemail-list@netwinsite.com> <br>Date: 05/05/2009 11:33 PM<br><br>On = 2009-05-05 6:37 AM, Surgemail Support (Marijn) wrote: <br>...snip ... <br><b= r>> Please let me know if it works correctly for you. If it proves to work <= br>> as it should and others find CA's are all going this way, we may well <= br>> make this the surgemail default at some stage. <br>> <br>> Marijn <br>>= <br><br>From everything I have read, most CAs phased out MD5 in January 200= 9. For more details see: <br><a href=3d"http://www.win.tue.nl/hashclash/rogu= e-ca/" target=3d"_blank">http://www.win.tue.nl/hashclash/rogue-ca/</a><br><b= r>In particular see: <br><a href=3d"http://www.kb.cert.org/vuls/id/836068" t= arget=3d"_blank">http://www.kb.cert.org/vuls/id/836068</a><br><br>where they= say: <br>"Do not use the MD5 algorithm <br>Software developers, Certificati= on Authorities, website owners, and users should avoid using the MD5 algorit= hm in any capacity. As previous research has demonstrated, it should be cons= idered cryptographically broken and unsuitable for further use. <br><br>Scru= tinize SSL certificates signed by certificates using the MD5 algorithm" <br>= <br>-- Neil Herber <o:p></o:p></span></p></div></div></div> </body></html> ------=_NextPart_surgeweb_127141336_mpa=--
Last Next
Simple index of items from the news group
