I would like to add that the decision to not allow SHA1 signature verification
was made in the openssl component in RHEL9. It was not proposed by the bind
maintainer, and because the crypto library prevents that operation, there
is little a bind package made by any vendor can do. Unless they want to
support th
Hello Wolfgang,
I would suggest using policy DEFAULT:SHA1 instead. It does not enable
all outdated algorithms, but enables only SHA1 in addition. Good choice
for dedicated DNS servers.
$ update-crypto-policies --set DEFAULT:SHA1
With my bind maintainer hat on, I need to clarify that it was e
On 12/28/23 12:58, Adrian Zaugg wrote:
Hi Nick
Not changing the key algo does help indeed when introducing dnssec-policy, see
the log below. Thank you very much for pointing this out.
But I do not understand why BIND deletes valid and published keys, just
because there should be another algo us