[QA][4.4]Action taken for the CVE-2004-2761

Solution Verified - Updated -

Issue

  • [QA][4.4]Action taken for the CVE-2004-2761
  • For openssl setting, should a user change the default setting of default_md to sha1 in /usr/share/ssl/openssl.cnf?

[ CA_default ]
<snip>
#default_md      = md5                   # which md to use.
default_md      = sha1         

  • For mod_ssl, does a user need to set some extra option to let it use sha1?
  • FJ requests those info to the kbase article which seems to be based on RHEL5:

     http://kbase.redhat.com/faq/docs/DOC-15379

Should I be concerned about the rogue CA certificate MD5 collision attack, CVE-2004-2761?

Environment

  • Red Hat Enteripse Linux 4 Update 4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In