Re: Warning about using older GnuTLS versions
- From: jjb <jjb xs4all nl>
- To: Michael Catanzaro <mcatanzaro gnome org>, epiphany-list gnome org
- Subject: Re: Warning about using older GnuTLS versions
- Date: Fri, 10 Jan 2020 20:32:17 +0100
Hi, after the new update of Epiphany, is it safe now?
Jaap
On 1/7/20 8:53 PM, Michael Catanzaro wrote:
Hi,
In light of recently-published chosen-prefix attacks on SHA1 [1], I
caution that it is no longer safe to use Epiphany, or any other
WebKitGTK-based browser, or libsoup, or any applications based on
libsoup, or any other applications using GLib's networking facilities,
in combination with GnuTLS versions older than GnuTLS 3.6. GnuTLS
versions prior to 3.6 will accept certificates that use SHA1
signatures. It is now both possible and economically-feasible to forge
these signatures. Your secure connections can no longer be trusted to
be secure when using these older versions of GnuTLS.
Notably, this affects Ubuntu 18.04, which still uses GnuTLS 3.5, and
all derived distros. Many other distros are also affected.
Michael
[1] https://arstechnica.com/information-technology/2020/01/pgp-keys-software-security-and-much-more-threatened-by-new-sha1-exploit/
_______________________________________________
epiphany-list mailing list
epiphany-list gnome org
https://mail.gnome.org/mailman/listinfo/epiphany-list
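An added example, not part of either message above and not GnuTLS code: the warning concerns certificates that carry SHA1 signatures, so this Python reads the signatureAlgorithm OID from a DER-encoded X.509 certificate and reports whether it names a SHA-1 signature algorithm. The function names and the two sample byte strings are constructed for illustration; the samples are structural skeletons, not real certificates.

```python
# Added example; names and sample bytes are constructed, not from GnuTLS.
SHA1_SIG_OIDS = {  # signature algorithms that hash with SHA-1
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.3.14.3.2.29": "sha1WithRSASignature",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        count = length & 0x7F
        if not 1 <= count <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):  # DER OID content bytes -> dotted string
    subids, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends a sub-identifier
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def signature_oid(cert_der):
    """Return the OID in Certificate.signatureAlgorithm."""
    tag, start, _ = read_tlv(cert_der, 0)          # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, _, tbs_end = read_tlv(cert_der, start)      # skip tbsCertificate
    _, alg_start, _ = read_tlv(cert_der, tbs_end)  # AlgorithmIdentifier
    tag, oid_start, oid_end = read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm has no OID")
    return decode_oid(cert_der[oid_start:oid_end])

def sha1_signed(cert_der):
    """Return the SHA-1 algorithm name, or None for a non-SHA-1 signature."""
    return SHA1_SIG_OIDS.get(signature_oid(cert_der))

# Constructed skeletons (placeholder TBS and signature), not real certificates.
SHA1_SAMPLE = bytes.fromhex("301b30050403000000300d06092a864886f70d0101050500030300aabb")
SHA256_SAMPLE = bytes.fromhex("301b30050403000000300d06092a864886f70d01010b0500030300aabb")
```

The input must be DER; a PEM file needs its base64 body decoded first. The check looks at one certificate at a time, so it has to be run on each certificate of a chain separately.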