SSL Certificate Signed Using SHA-1 Algorithm

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

An SSL certificate in the certificate chain has been signed using the
SHA-1 hashing algorithm.

Description :

The remote service uses an SSL certificate chain that has been signed
with SHA-1, a cryptographically weak hashing algorithm. This signature
algorithm is known to be vulnerable to collision attacks. An attacker
can exploit this to generate another certificate with the same digital
signature, allowing the attacker to masquerade as the affected
service.

Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire on or between January 1, 2016 and December 31, 2016
as informational. This is in accordance with Google's gradual
sunsetting of the SHA-1 cryptographic hash algorithm.

See also :

http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
https://tools.ietf.org/html/rfc3279

Solution :

n/a

Risk factor :

None

Family: General

Nessus Plugin ID: 86067 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now