[dns-operations] SHA-1 DNSSEC verification broken in RHEL 9 and CentOS 9 Stream

Mukund Sivaraman muks at mukund.org
Thu Apr 14 06:09:37 UTC 2022

On Thu, Apr 14, 2022 at 11:30:55AM +0530, Shreyas Zare wrote:
> On 4/14/2022 11:22 AM, Mukund Sivaraman wrote:
> > 
> > Petr's email seems limited to use of RSASHA-1 and NSEC3RSASHA1 as RRSIG
> > algorithms, and possibly DS digest type.
> Petr's email was about complete removal of SHA-1 support from RHEL 9.0. So,
> this should affect any software that tries to use SHA-1 for any purpose.

If that is the case (total removal of SHA-1 in all forms), it would be
very disruptive.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20220414/2d6a4e03/attachment.sig>

More information about the dns-operations mailing list