SSL Certificate Signed Using SHA-1 Algorithm

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.

Synopsis :

An SSL certificate in the certificate chain has been signed using the
SHA-1 hashing algorithm.

Description :

The remote service uses an SSL certificate chain that has been signed
with SHA-1, a cryptographically weak hashing algorithm. This signature
algorithm is known to be vulnerable to collision attacks. An attacker
can exploit this to generate another certificate with the same digital
signature, allowing the attacker to masquerade as the affected

Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire on or between January 1, 2016 and December 31, 2016
as informational. This is in accordance with Google's gradual
sunsetting of the SHA-1 cryptographic hash algorithm.

See also :

Solution :


Risk factor :


Family: General

Nessus Plugin ID: 86067 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now