Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: stop verifying SHA-1 signatures #41682

FiloSottile opened this issue Sep 28, 2020 · 0 comments

crypto/x509: stop verifying SHA-1 signatures #41682

FiloSottile opened this issue Sep 28, 2020 · 0 comments


Copy link

@FiloSottile FiloSottile commented Sep 28, 2020

SHA-1 is weak: a SHA-1 collision was demonstrated and estimated to cost around $50k.

Accepting SHA-1 signed certificates is a security issue, and lets attackers mount collision attacks if the CA is still signing SHA-1 certificates. crypto/x509 already rejects outright any MD5 signatures for the same reason.

Unfortunately, there are definitely a lot of SHA-1 certificates still in the wild, even if the browsers stopped accepting them and WebPKI banned them a long time ago. We should look at how they are handled by other implementations and decide if we need to provide a programmatic opt-in, or just the usual temporary GODEBUG opt-in.

/cc @katiehockman @rolandshoemaker

@FiloSottile FiloSottile added this to the Backlog milestone Sep 28, 2020
@FiloSottile FiloSottile modified the milestones: Backlog, Go1.17 Oct 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
You can’t perform that action at this time.