- patch_rsamd5_enable.diff: this patch enables RSAMD5 validation
(otherwise it is treated as insecure). The RSAMD5 algorithm is deprecated (RFC6725). The MD5 hash is considered weak for some purposes; if you want to sign your zone, RSASHA256 is an uncontested hash. git-svn-id: file:///svn/unbound/trunk@2760 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
508ea86578
commit
b44780b22c
@ -17,3 +17,5 @@ distribution but may be helpful.
|
||||
in with the nagios monitoring framework. Contributed by Migiel de Vos.
|
||||
* unbound_unixsock.diff: Add Unix socket support for unbound-control.
|
||||
Contributed by Ilya Bakulin, 2012-08-28.
|
||||
* patch_rsamd5_enable.diff: this patch enables RSAMD5 validation (otherwise
|
||||
it is treated as insecure). The RSAMD5 algorithm is deprecated (RFC6725).
|
||||
|
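--- a/contrib/patch_rsamd5_enable.diff
+++ b/contrib/patch_rsamd5_enable.diff
@@ -0,0 +1,22 @@
+Index: validator/val_secalgo.c
+===================================================================
+--- validator/val_secalgo.c (revision 2759)
++++ validator/val_secalgo.c (working copy)
+@@ -153,7 +153,7 @@
+switch(id) {
+case LDNS_RSAMD5:
+/* RFC 6725 deprecates RSAMD5 */
+- return 0;
++ return 1;
+case LDNS_DSA:
+case LDNS_DSA_NSEC3:
+case LDNS_RSASHA1:
+@@ -617,7 +617,7 @@
+switch(id) {
+case LDNS_RSAMD5:
+/* RFC 6725 deprecates RSAMD5 */
+- return 0;
++ return 1;
+case LDNS_DSA:
+case LDNS_DSA_NSEC3:
+case LDNS_RSASHA1: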
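Review bot: In both hunks of the contributed patch (at -153 and -617) the comment `/* RFC 6725 deprecates RSAMD5 */` is left directly above the new `return 1;`, so a patched val_secalgo.c reads as if it honours the deprecation while it actually accepts the algorithm. I would reword the comment in each hunk to state the intent, for example `/* RFC 6725 deprecates RSAMD5; deliberately enabled by contrib/patch_rsamd5_enable.diff */`. The change is also unconditional once applied: there is no build option or log message, so every RSAMD5-signed zone is validated instead of being treated as insecure, and a short header comment in the patch file saying so would help operators decide whether to apply it. Both switch statements sit in functions that start and end outside the hunks, so which checks they serve cannot be confirmed from this page.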
@ -1,3 +1,10 @@
|
||||
17 September 2012: Wouter
|
||||
- patch_rsamd5_enable.diff: this patch enables RSAMD5 validation
|
||||
otherwise it is treated as insecure. The RSAMD5 algorithm is
|
||||
deprecated (RFC6725). The MD5 hash is considered weak for some
|
||||
purposes, if you want to sign your zone, then RSASHA256 is an
|
||||
uncontested hash.
|
||||
|
||||
30 August 2012: Wouter
|
||||
- RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled.
|
||||
- iana portlist updated.
|
||||
|