[Bug 1875920] Re: New default %PROFILE_MEDIUM breaks root ceritificates which use SHA1

Simon Déziel 1875920 at bugs.launchpad.net
Wed Apr 14 16:00:24 UTC 2021 

@xnox, I _think_ SHA1 isn't used in the insecure way that you seem to be
referring to.

The problem seems to be that the certification path used by gnutls ends
up with a root CA self-signed with SHA1. The rest of the path is using
SHA256 as it should. This can be visualized in "Certification Paths >
Path #1: Trusted" on [1]. In theory, using SHA1 on a root CA should not
be a concern.

"openssl s_client -connect ggproxy-secure-12.gadu-gadu.pl:443" uses a
different path and doesn't meet any self-signed root CA with SHA1.

[1]: https://www.ssllabs.com/ssltest/analyze.html?d=ggproxy-secure-12
.gadu-gadu.pl

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1875920

Title:
  New default %PROFILE_MEDIUM breaks root  ceritificates which use SHA1

Status in gnutls28 package in Ubuntu:
  Confirmed

Bug description:
  For example /usr/share/ca-
  certificates/mozilla/Certum_Trusted_Network_CA.crt used here:

  gnutls-cli --starttls-proto smtp --port 25 smtp.yandex.ru -d 2

  
  - Certificate[2] info:
   - subject `CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL', issuer `CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL', serial 0x00939285400165715f947f288fefc99b28, RSA key 2048 bits, signed using RSA-SHA256, activated `2008-10-22 12:07:37 UTC', expires `2027-06-10 10:46:39 UTC', pin-sha256="qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU="
  |<2>| issuer in verification was not found or insecure; trying against trust list
  |<2>| GNUTLS_SEC_PARAM_MEDIUM: certificate's signature hash strength is unacceptable (is 80 bits, needed 112)

  Secure check for SHA1 has exception for self-signed certificates
  this check is not:

  
  	if (sigalg >= 0 && se) {
  		if (is_level_acceptable(cert, issuer, sigalg, flags) == 0) {
  			MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM);
  		}

  		/* If the certificate is not self signed check if the algorithms
  		 * used are secure. If the certificate is self signed it doesn't
  		 * really matter.
  		 */
  		if (_gnutls_sign_is_secure2(se, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0 &&
  		    _gnutls_is_broken_sig_allowed(se, flags) == 0 &&
  		    is_issuer(cert, cert) == 0) {
  			MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM);
  		}
  	}

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1875920/+subscriptions

More information about the foundations-bugs mailing list