This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
An SSL certificate in the certificate chain has been signed using the
SHA-1 hashing algorithm.
The remote service uses an SSL certificate chain that has been signed
with SHA-1, a cryptographically weak hashing algorithm. This signature
algorithm is known to be vulnerable to collision attacks. An attacker
can exploit this to generate another certificate with the same digital
signature, allowing the attacker to masquerade as the affected
Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire on or between January 1, 2016 and December 31, 2016
as informational. This is in accordance with Google's gradual
sunsetting of the SHA-1 cryptographic hash algorithm.
See also :
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now