Warning about using older GnuTLS versions



Hi,

In light of recently published chosen-prefix attacks on SHA1 [1], I caution that it is no longer safe to use Epiphany, or any other WebKitGTK-based browser, or libsoup, or any applications based on libsoup, or any other applications using GLib's networking facilities, in combination with GnuTLS versions older than GnuTLS 3.6. GnuTLS versions prior to 3.6 will accept certificates that use SHA1 signatures. It is now both possible and economically feasible to forge these signatures. Your secure connections can no longer be trusted to be secure when using these older versions of GnuTLS.

Notably, this affects Ubuntu 18.04, which still uses GnuTLS 3.5, and all derived distros. Many other distros are also affected.

Michael

[1] https://arstechnica.com/information-technology/2020/01/pgp-keys-software-security-and-much-more-threatened-by-new-sha1-exploit/
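
Added example (not part of the original message, and not GnuTLS or GNOME code): a check for whether the GnuTLS shared library found on a host is older than the 3.6 cutoff named above. It calls the real GnuTLS function gnutls_check_version() through ctypes; the helper names and the sample version strings in the comments are assumptions constructed for illustration.

```python
import ctypes
import ctypes.util
import re

# Cutoff taken from the message above: versions older than 3.6 accept
# certificates with SHA1 signatures.
FIRST_SAFE = (3, 6, 0)


def parse_version(text):
    """Return the leading numeric part of a version string as a 3-tuple.

    Handles distro-style suffixes, e.g. the constructed sample
    "3.5.18-1ubuntu1" parses as (3, 5, 18).
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GnuTLS version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def accepts_sha1_certs(version_text):
    """True if this version is older than 3.6 (numeric, not string, compare)."""
    return parse_version(version_text) < FIRST_SAFE


def loaded_gnutls_version():
    """Ask the system's libgnutls for its version; None if it is not found."""
    name = ctypes.util.find_library("gnutls")
    if name is None:
        return None
    try:
        lib = ctypes.CDLL(name)
        lib.gnutls_check_version.restype = ctypes.c_char_p
        lib.gnutls_check_version.argtypes = [ctypes.c_char_p]
        # Passing NULL makes gnutls_check_version() return the version string.
        raw = lib.gnutls_check_version(None)
    except (OSError, AttributeError):
        return None
    return raw.decode("ascii") if raw else None


if __name__ == "__main__":
    version = loaded_gnutls_version()
    if version is None:
        print("libgnutls not found on the default library path")
    elif accepts_sha1_certs(version):
        print(f"GnuTLS {version}: older than 3.6, accepts SHA1-signed certificates")
    else:
        print(f"GnuTLS {version}: 3.6 or newer")
```

The result describes the library on the default search path; an application that bundles its own copy of GnuTLS has to be checked separately.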



