Bug #3269
closed
Problem System: Certificate Authority Manager
0%
Description
From pfSense 2.0.1 to 2.1 when you create a certificate, (in pfSense 2.1) you must select an algorithm (Sha1 , sha256 ecc..).
I use psSense with yealink phone in openVPN and this phone use only algorithm MD5.
I can't use pfSense 2.1 because is not possible use algorithm MD5 where i create a certificate.
Updated by Doktor Notor almost 12 years ago
Offering stuff known to be insecure since 2008 at least on not an option. Ditch the crappy HW. http://www.win.tue.nl/hashclash/rogue-ca/
Updated by Luca Morri almost 12 years ago
Yes, MD5 is insicure, but untill yealink don't update your ip-phone for SHA support is impossible use this phone with pfsense and openVpn. The best think to do is insert into select algorithm an further MD5 option. In this case is possible choose.
Thank
Updated by Doktor Notor almost 12 years ago
Until?! :-O If they've not noticed they are using insecure crap in 5 years, you'd better find a viable vendor (and ditch the junk, as suggested above.)
Updated by Luca Morri almost 12 years ago
My comunication is only an advice. Insert an option in pfSense don't mean with pfSense will become insicure, because you can choose between (MD%, SHA1, SHA256, ecc..)
Change all my ip phone (I have a company with ip phone, don't sell ip-phone) and add ad option in fpsense have different cost.
But the pfsense comunity don't accet this suggestion is the same. I will use pfsene 2.0.1 untill Yealink Ip Phone don't update your firmware.
Thank.
Updated by Renato Botelho almost 12 years ago
- Status changed from New to Rejected
MD5 is harmful and should be avoided.
Updated by