Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 28 subscribers
  • Views 10293 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG generated SSL decryption certificate is using SHA-1 digest

ClerpremSpa

Hello,

SHA-1 algorythm has been deprecated. XG still generates this kind of certificates for SSL scanning. The browsers now, mark the connection as insecure for this reason.

Is this behaviour of the appliance configurable? WIll it be corrected?



This thread was automatically locked due to age.
Parents
  • 0

    Actually XG Firewall has always used SHA256.

    In IE, go to an HTTPS website.  Now view the certificate.

    The "Signature algorithm" is sha256RSA.  The "Signature hash algorithm" is sha256.

    Note that the "Thumbprint algorithm" is sha1 but that is immaterial and not a security issue.

Reply
  • 0

    Actually XG Firewall has always used SHA256.

    In IE, go to an HTTPS website.  Now view the certificate.

    The "Signature algorithm" is sha256RSA.  The "Signature hash algorithm" is sha256.

    Note that the "Thumbprint algorithm" is sha1 but that is immaterial and not a security issue.

Children