Disabling SHA-1 in signatures on RHEL 7
Specific uses of SHA-1, such as using SHA-1 for signatures, are known to be vulnerable, while other uses are still considered secure (for example, using SHA-1 for HMAC or PRF) [1]. To disable SHA-1 in RHEL 7 for specific use cases, modify the cryptographic settings of your application.
To some extent, and as long as an application is using the default settings of cryptographic libraries, you can disable SHA-1 in cryptographic protocols. However, on RHEL 7, there is no system-wide setting to disable some cryptographic primitives. On RHEL 8 and later, this problem is solved by introducing crypto-policies. In general, the best way to disable SHA-1 for signatures is to upgrade your systems to RHEL 9, because there are no plans to improve the general support of RHEL 7 without SHA-1.
DNSSEC
To disable validation of SHA-1 signatures in Bind 9.11, modify the disable-ds-digests option in the /etc/named.conf file as follows:
# cat /etc/named.conf
…
options {
    ...
    disable-ds-digests "." {
        SHA-1;
    };
};
…
The zones covered by disable-ds-digests are treated as insecure unless other digests are available.
SSH
To disable SHA-1 in signatures for SSH in RHEL 7, you must have OpenSSH 7.4. Configure clients and servers through the /etc/ssh/ssh_config and /etc/ssh/sshd_config files to avoid GSS-API and reject SHA-1 signatures as follows:
- GSSAPIAuthentication no (note that this is the default setting)
- PubkeyAcceptedKeyTypes contains neither ssh-rsa nor ssh-rsa-cert-v01@openssh.com
Disable key-exchange algorithms using SHA-1 because of their vulnerability [3]:
- KexAlgorithms contains neither diffie-hellman-group-exchange-sha1 nor diffie-hellman-group14-sha1
Also, consider using ECDSA instead of RSA keys because the former are not using SHA-1 [2].
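The SSH conditions listed above can be checked against a configuration file with a short script. This is an added example, not part of the original article: the function names (first_value, list_excludes, audit_sha1) and the sample files are constructed for illustration, and it assumes that an unset list keyword leaves SHA-1 algorithms enabled through the built-in defaults.

```bash
#!/bin/bash
# Added example: audit one ssh_config/sshd_config file against the conditions above.
# Simplification: only the first occurrence of each keyword is read; Host/Match
# scoping and included files are not evaluated.

# Print the first value of keyword $2 in file $1 (keywords are case-insensitive,
# "keyword=value" is accepted, lines starting with "#" never match).
first_value() {
    awk -v key="$2" '
        { sub(/=/, " ") }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Succeed if comma-separated list $1 names none of the remaining arguments.
# Assumption: an unset keyword or a "+" (append) prefix leaves the built-in
# defaults in effect, so both are reported as failures.
list_excludes() {
    local list="$1" alg; shift
    case $list in ''|+*) return 1 ;; esac
    for alg in "$@"; do
        case ",$list," in *",$alg,"*) return 1 ;; esac
    done
}

# Audit file $1: print one FAIL line per unmet condition, return non-zero on any.
audit_sha1() {
    local f="$1" rc=0 gss
    gss=$(first_value "$f" GSSAPIAuthentication | tr 'A-Z' 'a-z')
    # Unset is accepted because the page states that "no" is the default.
    [ "${gss:-no}" = no ] || { echo "FAIL $f: GSSAPIAuthentication $gss"; rc=1; }
    list_excludes "$(first_value "$f" PubkeyAcceptedKeyTypes)" \
        ssh-rsa ssh-rsa-cert-v01@openssh.com \
        || { echo "FAIL $f: PubkeyAcceptedKeyTypes allows SHA-1 RSA signatures"; rc=1; }
    list_excludes "$(first_value "$f" KexAlgorithms)" \
        diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 \
        || { echo "FAIL $f: KexAlgorithms allows SHA-1 key exchange"; rc=1; }
    return "$rc"
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' 'GSSAPIAuthentication no' \
    'PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,rsa-sha2-512' \
    'KexAlgorithms ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256' > "$demo/good"
printf '%s\n' '#KexAlgorithms ecdh-sha2-nistp256' \
    'kexalgorithms=ecdh-sha2-nistp256,diffie-hellman-group14-sha1' \
    'PubkeyAcceptedKeyTypes +rsa-sha2-512' > "$demo/bad"
audit_sha1 "$demo/good" && echo "OK $demo/good"
audit_sha1 "$demo/bad" || echo "$demo/bad needs changes"
```

On a server, the output of sshd -T (the effective configuration after defaults are applied) can be saved to a file and passed to audit_sha1 in the same way.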
TLS
Using at least TLS 1.2 and DTLS 1.2 [4] helps to avoid using SHA-1 signatures in TLS because TLS 1.2 can use signature algorithms stronger than SHA-1.
- In GnuTLS 3.3 and OpenSSL 1.0.2 contained in RHEL 7, you cannot disable SHA-1 for signatures by default. You have to configure applications to use specific controls over the TLS protocol version if possible. Note that you cannot configure rejecting certificates signed using SHA-1 even with TLS 1.2.
- In NSS 3.90, you can disable using SHA-1 signatures by disallowing SHA-1 hashes in the /etc/pki/nss-legacy/nss-rhel7.config file.
IKE & IPsec
As described in RFC 4894 [5], neither the IKE nor the IPsec protocols are susceptible to attacks on the weaknesses of the SHA-1 hash function, and hence prohibiting SHA-1 in them is not necessary.
RPM package signatures
RPM packages signed in RHEL 7 use SHA-1 by default. You can modify RPM signing to use SHA-256 (for example) but in general, you cannot reject a SHA-1-signed RPM package in RHEL 7.
References
- [1] RFC 4270 - Attacks on Cryptographic Hashes in Internet Protocols
- [2] RFC 5656: Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
- [3] Steps to disable the diffie-hellman-group1-sha1 algorithm in SSH - Red Hat Customer Portal
- [4] RFC 9155 - Deprecating MD5 and SHA-1 Signature Hashes in TLS 1.2 and DTLS 1.2
- [5] RFC 4894 - Use of Hash Algorithms in Internet Key Exchange (IKE) and IPsec