crypto/x509: reject SHA-1 signatures in Verify #41682

Closed
@FiloSottile

SHA-1 is weak: a SHA-1 collision was demonstrated and estimated to cost around $50k. https://shattered.io

Accepting SHA-1 signed certificates is a security issue, and lets attackers mount collision attacks if the CA is still signing SHA-1 certificates. crypto/x509 already rejects outright any MD5 signatures for the same reason.

The WebPKI has banned SHA-1 certificates for years now, and crypto/x509 targets a profile compatible with the WebPKI.

I propose we announce in Go 1.17 that we'll remove support in Go 1.18, and provide a GODEBUG opt-out until Go 1.19.
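An audit sketch for finding chains that depend on SHA-1 signatures before that support is removed. It is an added example, not part of the original issue or of crypto/x509 itself. The helper names and the sample chain are hypothetical, and it assumes the chain is ordered leaf first with the trust anchor last, and that the anchor is trusted by configuration rather than by its own signature.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// isSHA1 reports whether alg is one of crypto/x509's SHA-1 based algorithms.
func isSHA1(alg x509.SignatureAlgorithm) bool {
	switch alg {
	case x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
		return true
	}
	return false
}

// sha1Links lists the certificates in chain whose signature relies on SHA-1.
// chain is ordered leaf first, trust anchor last. The anchor's own signature
// is skipped (assumption: it is trusted by configuration, not by signature).
func sha1Links(chain []*x509.Certificate) []string {
	var hits []string
	for i, c := range chain {
		if i == len(chain)-1 {
			continue // trust anchor
		}
		if isSHA1(c.SignatureAlgorithm) {
			hits = append(hits, fmt.Sprintf("%s (%s, signed by %s)",
				c.Subject.CommonName, c.SignatureAlgorithm, c.Issuer.CommonName))
		}
	}
	return hits
}

// sampleChain returns a constructed chain; only the fields the audit reads are set.
func sampleChain() []*x509.Certificate {
	mk := func(cn, issuer string, alg x509.SignatureAlgorithm) *x509.Certificate {
		return &x509.Certificate{Subject: pkix.Name{CommonName: cn},
			Issuer: pkix.Name{CommonName: issuer}, SignatureAlgorithm: alg}
	}
	return []*x509.Certificate{
		mk("leaf.example", "Example Issuing CA", x509.SHA256WithRSA),
		mk("Example Issuing CA", "Example Root", x509.SHA1WithRSA),
		mk("Example Root", "Example Root", x509.SHA1WithRSA),
	}
}

func main() {
	for _, h := range sha1Links(sampleChain()) {
		fmt.Println("SHA-1 signature:", h)
	}
}
```

In the sample only the intermediate is reported: the leaf is signed with SHA-256 and the root is skipped as the trust anchor.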

Status

Accepted
