SSL Certificate Signed Using SHA-1 Algorithm
Info Nessus Plugin ID 86067
Synopsis
An SSL certificate in the certificate chain has been signed using the SHA-1 hashing algorithm.
Description
The remote service uses an SSL certificate chain that has been signed with SHA-1, a cryptographically weak hashing algorithm. This signature algorithm is known to be vulnerable to collision attacks. An attacker can potentially exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire on or between January 1, 2016 and December 31, 2016 as informational. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
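To run the same check against your own certificates, the sketch below reads the signature algorithm and notAfter date directly from a DER-encoded certificate and flags SHA-1 signatures, noting whether expiry falls in the 2016 window described above. It is an added example, not the plugin's own code; `check_cert`, `children` and `sample_cert` are hypothetical names, and `sample_cert` builds a constructed, unsigned skeleton purely as demo input.

```python
from datetime import datetime

# DER-encoded signature-algorithm OIDs that use SHA-1.
SHA1_SIG_OIDS = {bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",  # 1.2.840.113549.1.1.5
                 bytes.fromhex("2a8648ce380403"): "dsa-with-sha1",              # 1.2.840.10040.4.3
                 bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1"}            # 1.2.840.10045.4.1

def children(buf):
    """Split DER content bytes into a list of (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits = number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def check_cert(der):
    """Return None unless the certificate is SHA-1 signed, else a finding."""
    tbs, sig_alg, _sig = children(children(der)[0][1])
    oid = children(sig_alg[1])[0][1]  # signatureAlgorithm OID, still DER-encoded
    if oid not in SHA1_SIG_OIDS:
        return None
    fields = children(tbs[1])
    if fields[0][0] == 0xA0:  # skip the optional [0] version field
        fields = fields[1:]
    tag, raw = children(fields[3][1])[1]  # validity -> notAfter
    text = raw.decode("ascii")
    if tag == 0x17:  # UTCTime: 2-digit year, 00-49 -> 20xx, 50-99 -> 19xx
        text = ("20" if text[:2] < "50" else "19") + text
    not_after = datetime.strptime(text, "%Y%m%d%H%M%SZ")
    return {"algorithm": SHA1_SIG_OIDS[oid], "not_after": not_after,
            "expires_in_2016": not_after.year == 2016}

def der_tlv(tag, *parts):  # sample builder, short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_cert(sig_oid, not_after):
    """Constructed, unsigned certificate skeleton used only as demo input."""
    alg = der_tlv(0x30, der_tlv(0x06, sig_oid), der_tlv(0x05))
    validity = der_tlv(0x30, der_tlv(0x17, b"150101000000Z"), der_tlv(0x17, not_after))
    tbs = der_tlv(0x30, der_tlv(0x02, b"\x01"), alg, der_tlv(0x30), validity, der_tlv(0x30))
    return der_tlv(0x30, tbs, alg, der_tlv(0x03, b"\x00\x00"))
```

For a PEM file, base64-decode the body between the BEGIN/END lines to get the DER bytes, and run `check_cert` on each certificate in the chain.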