[Ach] FYI: win8 and sha512

Adi Kriegisch adi at kriegisch.at
Wed Jul 2 16:42:38 CEST 2014


Dear all,

just to let you know: I had severe issues with win8.1 and some certificates
(and certificate authorities):
basically Windows just closed the connection after the key exchange when
using TLSv1.2. This was because at least one of the certificates in the
chain was signed with SHA512 (which Windows perfectly understands but does
not accept as a valid hash function for certificates).
About a year ago someone already found a solution[1] for this:
add "RSA/SHA512" to the list of valid functions:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003\Functions
and reboot...
Does anyone know what the appropriate channel to contact CACert about this
issue is? (I think they should at least hint at this in their wiki...)

-- Adi

[1] http://www.michaelm.info/blog/?p=1273
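
The registry change described in the message above, as an added PowerShell example that is not part of the original post. It assumes "Functions" is a multi-string value under the ...\SSL\00010003 key (the post gives it as the last path element); the helper names are hypothetical.

```powershell
# Added example: audit, and optionally extend, the signature-function list
# that the post refers to. Key path and "RSA/SHA512" are taken from the post.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003'
$ValueName = 'Functions'   # assumption: REG_MULTI_SZ value under the key above
$Wanted    = 'RSA/SHA512'

function Test-SignatureFunction {      # hypothetical helper name
    param([string[]]$Current, [string]$Name)
    # Compare case-insensitively and ignore stray whitespace in entries.
    return [bool]($Current | Where-Object { $_.Trim() -ieq $Name })
}

function Add-SignatureFunction {       # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $KeyPath, [string]$Name = $Wanted)

    # Read the existing list; fail loudly if the key or value is missing
    # instead of creating a new list that drops the defaults.
    $current = @((Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction Stop).$ValueName)

    if (Test-SignatureFunction -Current $current -Name $Name) {
        Write-Output "$Name is already listed; nothing to change."
        return
    }

    # Append rather than replace, so the existing entries and their order stay.
    $updated = $current + $Name
    if ($PSCmdlet.ShouldProcess("$Path\$ValueName", "append $Name")) {
        Set-ItemProperty -Path $Path -Name $ValueName -Value $updated -Type MultiString
        Write-Output "Appended $Name. Reboot for the change to take effect."
    }
}

# Show the current list, then preview the change without writing anything.
(Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
Add-SignatureFunction -WhatIf
```

Run it from an elevated prompt and drop `-WhatIf` to apply the change.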