crypto/x509: reject SHA-1 signatures in Verify #41682

FiloSottile · 2020-09-28T17:28:42Z

SHA-1 is weak: a SHA-1 collision was demonstrated and estimated to cost around $50k. https://shattered.io

Accepting SHA-1 signed certificates is a security issue, and lets attackers mount collision attacks if the CA is still signing SHA-1 certificates. crypto/x509 already rejects outright any MD5 signatures for the same reason.

The WebPKI has banned SHA-1 certificates for years now, and crypto/x509 targets a profile compatible with the WebPKI.

I propose we announce in Go 1.17 that we'll remove support in Go 1.18, and provide a GODEBUG opt-out until Go 1.19.

rsc · 2021-04-07T18:02:15Z

This proposal has been added to the active column of the proposals project
and will now be reviewed at the weekly proposal review meetings.
— rsc for the proposal review group

rsc · 2021-04-14T17:36:15Z

How many of the ancient servers being discussed in #45428 are serving SHA-1 signatures?

FiloSottile · 2021-04-14T21:46:21Z

SHA-1 in crypto/x509 is unrelated to crypto/tls, except to the extent that if you're running a legacy stack you're more likely to have both components be out of date. You can serve a SHA-1 certificate over TLS 1.3, if you felt like it.

There are no publicly trusted SHA-1 certificates anymore, so we pretty much have no numbers about them. (Well, we do, and they say zero, but they don't capture internal deployments.) Anyone using them is doing it with their own managed CA.

rsc · 2021-04-21T18:02:38Z

Based on the discussion above, this proposal seems like a likely accept.
— rsc for the proposal review group

rsc · 2021-04-28T18:08:30Z

No change in consensus, so accepted. 🎉
This issue now tracks the work of implementing the proposal.
— rsc for the proposal review group

FiloSottile · 2021-06-15T15:01:41Z

https://golang.org/cl/327811 has the pre-announcement, moving to Go 1.18 for implementation.

gopherbot · 2022-10-26T03:19:15Z

Change https://go.dev/cl/445496 mentions this issue: crypto/x509: respect GODEBUG changes for allowing SHA1 certificates

joedian · 2022-10-26T16:21:59Z

@gopherbot please backport this to previous releases.

This allows programs that want SHA1 support to call os.Setenv at startup instead of insisting that users set the environment variable themselves. For #41682. Fixes #56436. Change-Id: Idcb96212a1d8c560e1dd8eaf7c80b6266f16431e Reviewed-on: https://go-review.googlesource.com/c/go/+/445496 Reviewed-by: David Chase <[email protected]> Run-TryBot: Russ Cox <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Auto-Submit: Russ Cox <[email protected]>

gopherbot · 2022-10-26T18:58:43Z

Change https://go.dev/cl/445655 mentions this issue: crypto/x509: respect GODEBUG changes for allowing SHA1 certificates

gopherbot · 2022-10-26T19:00:40Z

Change https://go.dev/cl/445656 mentions this issue: crypto/x509: respect GODEBUG changes for allowing SHA1 certificates

This allows programs that want SHA1 support to call os.Setenv at startup instead of insisting that users set the environment variable themselves. For golang#41682. Fixes golang#56436. Change-Id: Idcb96212a1d8c560e1dd8eaf7c80b6266f16431e Reviewed-on: https://go-review.googlesource.com/c/go/+/445496 Reviewed-by: David Chase <[email protected]> Run-TryBot: Russ Cox <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Auto-Submit: Russ Cox <[email protected]>

…wing SHA1 certificates This allows programs that want SHA1 support to call os.Setenv at startup instead of insisting that users set the environment variable themselves. For #41682. Fixes #56436. Fixes #56437. Change-Id: Idcb96212a1d8c560e1dd8eaf7c80b6266f16431e Reviewed-on: https://go-review.googlesource.com/c/go/+/445496 Reviewed-by: David Chase <[email protected]> Run-TryBot: Russ Cox <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Auto-Submit: Russ Cox <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/445656

…wing SHA1 certificates This allows programs that want SHA1 support to call os.Setenv at startup instead of insisting that users set the environment variable themselves. For #41682. Fixes #56436. Fixes #56438. Change-Id: Idcb96212a1d8c560e1dd8eaf7c80b6266f16431e Reviewed-on: https://go-review.googlesource.com/c/go/+/445496 Reviewed-by: David Chase <[email protected]> Run-TryBot: Russ Cox <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Auto-Submit: Russ Cox <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/445655

When using LibreSSL 2.8.3 the generated certs are using SHA1. This causes istiod to fail to start up due to changes in go 1.18 (see golang/go#41682). This also fixes the instructiosn for https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/

When using LibreSSL 2.8.3 the generated certs are using SHA1. This causes istiod to fail to start up due to changes in go 1.18 (see golang/go#41682). This also fixes the instructiosn for https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/ Co-authored-by: Jacob Delgado <[email protected]>

…wing SHA1 certificates This allows programs that want SHA1 support to call os.Setenv at startup instead of insisting that users set the environment variable themselves. For golang#41682. Fixes golang#56436. Fixes golang#56438. Change-Id: Idcb96212a1d8c560e1dd8eaf7c80b6266f16431e Reviewed-on: https://go-review.googlesource.com/c/go/+/445496 Reviewed-by: David Chase <[email protected]> Run-TryBot: Russ Cox <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Auto-Submit: Russ Cox <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/445655

FiloSottile added Security NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Sep 28, 2020

FiloSottile added this to the Backlog milestone Sep 28, 2020

FiloSottile modified the milestones: Backlog, Go1.17 Oct 20, 2020

This comment has been minimized.

Sign in to view

FiloSottile self-assigned this Mar 17, 2021

FiloSottile changed the title ~~crypto/x509: stop verifying SHA-1 signatures~~ proposal: crypto/x509: stop verifying SHA-1 signatures Apr 7, 2021

gopherbot added the Proposal label Apr 7, 2021

FiloSottile added the Proposal-Crypto Proposal related to crypto packages or other security issues label Apr 7, 2021

rsc mentioned this issue Apr 7, 2021

proposal: review meeting minutes #33502

Open

This comment has been minimized.

Sign in to view

rsc changed the title ~~proposal: crypto/x509: stop verifying SHA-1 signatures~~ proposal: crypto/x509: reject SHA-1 signatures in Verify Apr 21, 2021

rsc added the Proposal-FinalCommentPeriod label Apr 21, 2021

rsc changed the title ~~proposal: crypto/x509: reject SHA-1 signatures in Verify~~ crypto/x509: reject SHA-1 signatures in Verify Apr 28, 2021

rsc added the Proposal-Accepted label Apr 28, 2021

FiloSottile modified the milestones: Go1.17, Go1.18 Jun 15, 2021

FiloSottile removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Proposal-FinalCommentPeriod labels Jun 15, 2021

rsc mentioned this issue Oct 26, 2022

crypto/x509: respect GODEBUG changes during program lifetime #56436

Closed

jacob-delgado mentioned this issue Nov 28, 2022

Always use sha256 when generating self-signed certs (sample code) istio/istio#42178

Merged

This was referenced Jan 4, 2023

[docs] Update TLS-based Authentication Example open-policy-agent/opa#5534

Closed

[docs] Update TLS-based Authentication Example open-policy-agent/opa#5535

Merged

johnma14 mentioned this issue Feb 16, 2023

Fix minor nits on the security tasks page for Certificate Management istio/istio.io#12695

Closed

anattapol mentioned this issue Feb 26, 2023

Generate self-sign cert with SHA256 slackhq/simple-kubernetes-webhook#8

Open

4 tasks

pjbgf mentioned this issue Feb 27, 2023

[BUG] Unsupported TLS protocol error after upgrading Rancher rancher/rancher#40671

Closed

stephen37 mentioned this issue Mar 1, 2023

x509: certificate signed by unknown authority SeldonIO/seldon-core#4700

Closed

Revolyssup mentioned this issue Aug 2, 2023

fix: upgrade go-grpc package to fix panic bug api7/grpc-client-nginx-module#70

Merged

nunoOliveiraqwe mentioned this issue Feb 1, 2024

Add support for setting digest algo micromdm/scep#227

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crypto/x509: reject SHA-1 signatures in Verify #41682

crypto/x509: reject SHA-1 signatures in Verify #41682

FiloSottile commented Sep 28, 2020 •

edited

Loading

This comment has been minimized.

rsc commented Apr 7, 2021

This comment has been minimized.

rsc commented Apr 14, 2021

FiloSottile commented Apr 14, 2021

rsc commented Apr 21, 2021

rsc commented Apr 28, 2021

FiloSottile commented Jun 15, 2021

gopherbot commented Oct 26, 2022

joedian commented Oct 26, 2022

gopherbot commented Oct 26, 2022

gopherbot commented Oct 26, 2022

crypto/x509: reject SHA-1 signatures in Verify #41682

crypto/x509: reject SHA-1 signatures in Verify #41682

Comments

FiloSottile commented Sep 28, 2020 • edited Loading

This comment has been minimized.

rsc commented Apr 7, 2021

This comment has been minimized.

rsc commented Apr 14, 2021

FiloSottile commented Apr 14, 2021

rsc commented Apr 21, 2021

rsc commented Apr 28, 2021

FiloSottile commented Jun 15, 2021

gopherbot commented Oct 26, 2022

joedian commented Oct 26, 2022

gopherbot commented Oct 26, 2022

gopherbot commented Oct 26, 2022

FiloSottile commented Sep 28, 2020 •

edited

Loading