
Fedora 41 Will Make OpenSSL Distrust SHA1 Signatures By Default

([Fedora] 9 Minutes Ago Distrusting SHA1)


A change proposal has been approved for Fedora 41 to make OpenSSL distrust SHA1 signatures by default.

Because collision attacks on SHA1 are increasingly feasible and become ever more practical as computing resources grow, Fedora's plan is to start blocking SHA1 signature creation and verification by default. This was previously proposed for Fedora back in 2022 as part of broader crypto changes, but has now been revised -- and approved -- in its current form, which focuses solely on the SHA1 crypto tightening.

The Fedora 41 [1]change proposal explains:

"This change, when discussed as part of the rejected Changes/StrongCryptoSettings3, has proved itself controversial.

There seems to be a consensus that the change has to be done sooner or later, but Fedora is a remarkably conservative distribution when it comes to deprecating legacy cryptography, even if by-default-only.

The decision to discover code reliant on SHA-1 signatures by blocking creation/verification has not gathered many fans, but it's not like many viable alternative proposals have been raised in return either. In particular, there is no suitable facility to perform opt-out logging of the rejected operation. Opt-in logging through USDT probes has been implemented the last time and has been reinstated again to aid testing this change.

The precursor change has received limited testing during Fedora 37 Test Days, with only a handful of bugs discovered. The ones that were, though, wouldn't be something realistically discoverable by other means.

The change has received significant testing in RHEL, which distrusts SHA-1 signatures by default starting from RHEL-9. Having this switch flipped in RHEL for ~2 years further enforces our confidence in the change."

So with that, Fedora 41 is on track to finally distrust SHA1 signatures by default come late 2024.
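Because the change discovers SHA1-dependent code by rejecting the operation rather than logging it, the practical preparation for a Fedora 41 (or RHEL 9) system is to inventory certificates whose outer signature algorithm hashes with SHA-1 before the default flips. The following scanner is an added example, not code from Fedora, Phoronix or the change proposal; it uses only the standard library, decodes the X.509 `signatureAlgorithm` OID straight from DER, and classifies it against the well-known SHA-1 signature OIDs. The `build_sample_cert` helper and `SAMPLE_SHA1_PEM` are constructed stand-ins (a syntactically valid outer certificate shape with a placeholder body) so the script runs offline; on a real host you would point it at `.pem`/`.crt`/`.der` files instead.

```python
"""Inventory X.509 certificates (PEM or DER) whose signature uses SHA-1."""
import base64
import re
import sys

# Signature-algorithm OIDs that hash with SHA-1: these are the signatures
# OpenSSL stops accepting once SHA-1 signature verification is distrusted.
SHA1_SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.3.14.3.2.29": "sha1WithRSAEncryption (OIW arc)",
    "1.2.840.10040.4.3": "dsa-with-SHA1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
# A few common non-SHA-1 algorithms, named only to make reports readable.
OTHER_SIG_OIDS = {
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.3.101.112": "Ed25519",
}


def _read_tlv(buf, pos):
    """Decode one DER TLV at buf[pos]; return (tag, content, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(content):
    """Turn the content bytes of a DER OBJECT IDENTIFIER into dotted text."""
    first = content[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    acc = 0
    for b in content[1:]:                   # base-128, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def pem_to_der(data):
    """Accept PEM (base64 between CERTIFICATE markers) or pass raw DER through."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  data, re.S)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data


def signature_algorithm(der):
    """Return the dotted OID of the certificate's outer signatureAlgorithm.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    """
    tag, cert, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)       # tbsCertificate, skipped
    tag, alg_id, _ = _read_tlv(cert, pos)   # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("malformed AlgorithmIdentifier")
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier lacks an OID")
    return _decode_oid(oid)


def classify(data):
    """Return (oid, algorithm name, uses_sha1) for a PEM or DER certificate."""
    oid = signature_algorithm(pem_to_der(data))
    if oid in SHA1_SIG_OIDS:
        return oid, SHA1_SIG_OIDS[oid], True
    return oid, OTHER_SIG_OIDS.get(oid, "unknown"), False


# --- constructed sample data (not a real certificate) --------------------------
def _tlv(tag, content):
    """Encode a DER TLV with short- or long-form length."""
    n = len(content)
    if n < 128:
        ln = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        ln = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + ln + content


def _encode_oid(dotted):
    """Inverse of _decode_oid, used only to build the constructed samples."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(reversed(chunk))
    return out


def build_sample_cert(sig_oid):
    """Constructed stand-in: the outer X.509 DER shape with a placeholder
    tbsCertificate and signature, just enough to exercise the scanner offline."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))                   # placeholder TBS
    alg = _tlv(0x30, _tlv(0x06, _encode_oid(sig_oid)) + b"\x05\x00")  # OID, NULL
    sig = _tlv(0x03, b"\x00" + b"\x00" * 32)                # placeholder BIT STRING
    return _tlv(0x30, tbs + alg + sig)


SAMPLE_SHA1_PEM = (b"-----BEGIN CERTIFICATE-----\n"
                   + base64.encodebytes(build_sample_cert("1.2.840.113549.1.1.5"))
                   + b"-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    files = sys.argv[1:]
    for path in files:
        with open(path, "rb") as fh:
            oid, name, sha1 = classify(fh.read())
        print(f"{path}: {name} ({oid}) {'SHA-1 signature, will be distrusted' if sha1 else 'ok'}")
    if not files:
        print("constructed sample:", classify(SAMPLE_SHA1_PEM))
```

Two caveats when reading the report: the scanner names the outer signature algorithm only, so RSA-PSS certificates (whose hash lives in the AlgorithmIdentifier parameters) show up as "unknown" and need a closer look, and a SHA-1 self-signature on a trust-anchor root is not by itself a problem, since OpenSSL does not verify a trust anchor's own signature during chain building; the certificates that break are SHA-1-signed intermediates and leaves.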



[1] https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer



phoronix
