boulder

Commit Graph

Author	SHA1	Message	Date
Roland Bracewell Shoemaker	2d3fc8c4b4	Add tool to search for certificates containing debian weak keys (#3077 ) Fixes #3074.	2017-09-13 10:59:58 -07:00
Roland Bracewell Shoemaker	7c6183b3b4	Fix debian weak key testing (#2884 ) Initial implementation constructed the hash input incorrectly. New test uses a key modulus that is actually on the openssl weak key list instead of a random placeholder.	2017-07-20 12:25:32 -07:00
Roland Bracewell Shoemaker	8ce2f8b432	Basic RSA known weak key checking (#2765 ) Adds a basic truncated modulus hash check for RSA keys that can be used to check keys against the Debian `{openssl,openssh,openvpn}-blacklist` lists of weak keys generated during the [Debian weak key incident](https://wiki.debian.org/SSLkeys). Testing is gated on adding a new configuration key to the WFE, RA, and CA configs which contains the path to a directory which should contain the weak key lists. Fixes #157.	2017-05-25 09:33:58 -07:00

Author

SHA1

Message

Date

Roland Bracewell Shoemaker

2d3fc8c4b4

Add tool to search for certificates containing debian weak keys (#3077 )

Fixes #3074.

2017-09-13 10:59:58 -07:00

Roland Bracewell Shoemaker

7c6183b3b4

Fix debian weak key testing (#2884 )

Initial implementation constructed the hash input incorrectly. New test uses a key modulus that is actually on the openssl weak key list instead of a random placeholder.

2017-07-20 12:25:32 -07:00

Roland Bracewell Shoemaker

8ce2f8b432

Basic RSA known weak key checking (#2765 )

Adds a basic truncated modulus hash check for RSA keys that can be used to check keys against the Debian `{openssl,openssh,openvpn}-blacklist` lists of weak keys generated during the [Debian weak key incident](https://wiki.debian.org/SSLkeys).

Testing is gated on adding a new configuration key to the WFE, RA, and CA configs which contains the path to a directory which should contain the weak key lists.

Fixes #157.

2017-05-25 09:33:58 -07:00

3 Commits