crypto/x509: consider removing support for signing with RSA-MD5 #42125
Comments
Change https://golang.org/cl/285872 mentions this issue:
Removed
@rolandshoemaker This is in the Go 1.18 milestone. What is the status of this for the 1.18 release? Thanks.
We decided to pre-announce this in 1.18, and disable it in 1.19, I've moved it to the right milestone.
Change https://go.dev/cl/391174 mentions this issue:
Pre-announce the removal of certificate signing with MD5 and SHA-1 based algs in 1.19.

Updates golang/go#42125

Change-Id: I78784f3182b1d33ce6271621abd6c35cd668d93c
Reviewed-on: https://go-review.googlesource.com/c/website/+/391174
Reviewed-by: Filippo Valsorda <valsorda@google.com>
Trust: Dmitri Shuralyov <dmitshur@google.com>
MD5 is very broken, which is why we don't implement support for verifying certificates that use the RSA-MD5 (`MD5WithRSA`) signature algorithm. We do still support signing new certificates with RSA-MD5 though, which is not ideal as it introduces some inconsistency around how we handle certificates (i.e. see https://go-review.googlesource.com/c/go/+/264019).

Presumably we still provide support because at some point in the past there were still some users of RSA-MD5 certificates, and we're only allowing them to create broken certificates rather than verifying them (and thus relying on them). Unless there are still significant use cases I'd suggest we just completely axe support for this broken signature algorithm, reducing our support burden, and hopefully further dissuading anyone from making a serious mistake in their choice of algorithms.
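An added example, not part of the issue and not the Go project's code: a check that the installed toolchain's `crypto/x509` refuses to sign with `MD5WithRSA` (the thread plans to disable it in Go 1.19), plus a helper for flagging MD5- and SHA-1-based signature algorithms when auditing certificates. The names `legacyAlg`, `modernAlg`, `weakSigAlg`, `selfSign` and the subject `example.test` are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// The algorithm this issue is about, and a current one for comparison.
var legacyAlg, modernAlg = x509.MD5WithRSA, x509.SHA256WithRSA

// weakSigAlg reports whether a signature algorithm is based on MD5 or SHA-1.
func weakSigAlg(a x509.SignatureAlgorithm) bool {
	return a == x509.MD5WithRSA || a == x509.SHA1WithRSA ||
		a == x509.DSAWithSHA1 || a == x509.ECDSAWithSHA1
}

// selfSign requests a self-signed certificate with alg and returns it parsed, or the signing error.
func selfSign(alg x509.SignatureAlgorithm) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1),
		Subject:            pkix.Name{CommonName: "example.test"}, // constructed sample subject
		NotBefore:          time.Now().Add(-time.Hour),
		NotAfter:           time.Now().Add(24 * time.Hour),
		SignatureAlgorithm: alg,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err // on Go 1.19 and later this is the path taken for MD5WithRSA
	}
	return x509.ParseCertificate(der)
}

func main() {
	for _, alg := range []x509.SignatureAlgorithm{legacyAlg, modernAlg} {
		_, err := selfSign(alg)
		fmt.Printf("%v: weak=%v signing error=%v\n", alg, weakSigAlg(alg), err)
	}
}
```

Running `selfSign(legacyAlg)` as a regression test in CI catches a build environment pinned to a toolchain that still signs with RSA-MD5.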